Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Killing Hazard Pop Up


  • This topic is locked This topic is locked
31 replies to this topic

#1 Tomie

Tomie

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 30 September 2010 - 07:38 PM

I am running Windows 7, I use Opera and Firefox browsers, recently whenever I am browsing the internet I get a pop up message saying

"Warning! [IP Address] On your computer detected the malicious code.
Should immediately make sure that your system is safe! Killing Hazard
® for Microsoft Windows XP immediately started to work"
There's always a random IP address within the message and the page it redirects to.

I tried running MBAM and Avira Anti Virus, both programs detected malware and removed files, but the problem still persists.
I have followed the prep guide and attached requested files.

The same thing is happening when I browse the internet using my iPod Touch, I cannot scan it as the computer doesn't read it as a drive.

Any help would be greatly appreciated.

Tomie

Attached Files


Posted Image


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 05 October 2010 - 06:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 05 October 2010 - 09:39 AM

Hallo myrti,

Thank you so much for getting back to me. So far the only programs I have used are MBAM and AntiVir Free, both these programs found infections and removed them but the problem still persisits. Especially when using Google Chrome.

Here are the OTL reports:

OTLText

OTL logfile created on: 10/5/2010 3:16:55 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Madzy\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 23.85 Gb Free Space | 21.33% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.38 Gb Free Space | 99.88% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 661.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADZY-PC
Current User Name: Madzy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 15:16:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Madzy\Downloads\OTL.exe
PRC - [2010/09/28 15:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 14:01:24 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 13:59:38 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/05 02:13:53 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Madzy\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/26 05:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/29 11:51:02 | 000,651,264 | ---- | M] () -- C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 15:16:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Madzy\Downloads\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/28 19:32:55 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 13:59:38 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 13:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/05 03:02:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/08/09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/07/06 13:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 5E 11 88 DB 1B CB 01 [binary data]
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1240005926-99492120-819423886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/09/08 22:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/01 15:43:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/01 15:43:52 | 000,000,000 | ---D | M]

[2010/09/11 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Madzy\AppData\Roaming\Mozilla\Extensions
[2010/09/11 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Madzy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/27 08:11:33 | 000,000,000 | ---D | M] -- C:\Users\Madzy\AppData\Roaming\Mozilla\Firefox\Profiles\bjbs7wdb.default\extensions
[2010/09/08 04:30:54 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Madzy\AppData\Roaming\Mozilla\Firefox\Profiles\bjbs7wdb.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2010/09/27 08:11:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Madzy\AppData\Roaming\Mozilla\Firefox\Profiles\bjbs7wdb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/27 08:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/08 15:49:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 01:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 01:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 01:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 01:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\Toolbar\WebBrowser: (no name) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - No CLSID value found.
O3 - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1240005926-99492120-819423886-1001\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-1240005926-99492120-819423886-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Madzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Madzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySurvey Messenger.lnk = C:\Users\Madzy\AppData\Roaming\Microsoft\Installer\{3CFCDC11-4584-464B-9194-594D6E1CB246}\Icon3CFCDC11.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Regensoft
[2010/10/04 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\Madzy\Documents\Red Kawa
[2010/10/04 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Red Kawa
[2010/10/04 22:49:13 | 000,356,352 | ---- | C] (Gabest) -- C:\Windows\System32\RealMediaSplitter.ax
[2010/10/04 22:49:13 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\Windows\System32\GplMpgDec.ax
[2010/10/04 22:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free iPod Video Converter
[2010/10/04 22:44:46 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Local\Geckofx
[2010/10/04 22:44:20 | 000,000,000 | ---D | C] -- C:\Users\Madzy\Documents\Regensoft
[2010/10/04 22:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Regensoft
[2010/10/04 22:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/10/04 22:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/10/04 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Local\Adobe
[2010/10/04 01:06:05 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\ImgBurn
[2010/10/04 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/10/04 00:54:39 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Canneverbe Limited
[2010/10/04 00:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/10/04 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/10/02 08:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/10/01 15:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/01 15:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/01 06:18:02 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Local\Apple
[2010/10/01 00:54:49 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/01 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/01 00:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/30 03:01:20 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/09/29 04:35:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/25 00:23:01 | 000,000,000 | ---D | C] -- C:\Users\Madzy\Documents\PS Patterns
[2010/09/25 00:22:20 | 000,000,000 | ---D | C] -- C:\Users\Madzy\Documents\PS Brushes
[2010/09/12 17:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/11 14:54:53 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Vivox
[2010/09/11 14:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\IMVU_Inc
[2010/09/11 14:44:31 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\IMVU
[2010/09/11 14:44:16 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\IMVUClient
[2010/09/10 13:22:14 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Local\Unity
[2010/09/10 00:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\FarmVille Cash Generator Tool
[2010/09/08 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Madzy\Documents\Fiddler2
[2010/09/08 22:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2010/09/08 15:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/08 15:49:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/08 15:49:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/08 15:49:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/09/08 04:37:27 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Charles
[2010/09/08 04:29:29 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Roaming\Mozilla
[2010/09/08 04:29:29 | 000,000,000 | ---D | C] -- C:\Users\Madzy\AppData\Local\Mozilla
[2010/09/08 04:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/08 04:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2010/07/21 19:47:48 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd2.dll
[2010/07/21 19:47:48 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd2.dll
[2010/07/21 19:47:48 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd2.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 15:19:27 | 002,359,296 | ---- | M] () -- C:\Users\Madzy\NTUSER.DAT
[2010/10/05 15:19:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1001UA.job
[2010/10/05 14:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1003UA.job
[2010/10/05 09:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 02:18:04 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1001Core.job
[2010/10/05 02:08:55 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 02:08:55 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 02:01:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 01:58:10 | 001,883,065 | -H-- | M] () -- C:\Users\Madzy\AppData\Local\IconCache.db
[2010/10/04 22:49:14 | 000,001,054 | ---- | M] () -- C:\Users\Madzy\Desktop\Jodix Free iPod Video Converter.lnk
[2010/10/04 22:44:20 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/10/04 22:44:03 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod Converter.lnk
[2010/10/04 15:56:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1003Core.job
[2010/10/04 01:04:26 | 000,001,807 | ---- | M] () -- C:\Users\Madzy\Desktop\ImgBurn.lnk
[2010/10/04 00:54:17 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010/10/01 18:05:40 | 000,007,605 | ---- | M] () -- C:\Users\Madzy\AppData\Local\resmon.resmoncfg
[2010/10/01 17:17:10 | 002,550,666 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/01 17:17:10 | 000,669,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/10/01 17:17:10 | 000,640,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/01 17:17:10 | 000,472,234 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/10/01 17:17:10 | 000,380,456 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/10/01 17:17:10 | 000,139,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/10/01 17:17:10 | 000,115,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/01 17:17:10 | 000,113,342 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/10/01 17:17:10 | 000,086,484 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/10/01 01:09:26 | 193,278,377 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/01 01:04:23 | 000,000,000 | ---- | M] () -- C:\Users\Madzy\defogger_reenable
[2010/10/01 00:54:40 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/10 12:04:11 | 000,002,503 | ---- | M] () -- C:\Users\Madzy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/09/08 04:27:51 | 000,001,905 | ---- | M] () -- C:\Users\Madzy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 04:27:51 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 22:49:14 | 000,001,054 | ---- | C] () -- C:\Users\Madzy\Desktop\Jodix Free iPod Video Converter.lnk
[2010/10/04 22:49:13 | 000,417,792 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2010/10/04 22:44:20 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/10/04 22:44:03 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod Converter.lnk
[2010/10/04 01:04:26 | 000,001,807 | ---- | C] () -- C:\Users\Madzy\Desktop\ImgBurn.lnk
[2010/10/04 00:54:17 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010/10/01 18:04:57 | 000,007,605 | ---- | C] () -- C:\Users\Madzy\AppData\Local\resmon.resmoncfg
[2010/10/01 01:09:26 | 193,278,377 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/01 01:04:23 | 000,000,000 | ---- | C] () -- C:\Users\Madzy\defogger_reenable
[2010/10/01 00:54:40 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/08 04:27:51 | 000,001,905 | ---- | C] () -- C:\Users\Madzy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 04:27:51 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/21 19:47:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd2.dll
[2010/07/21 19:47:56 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd2.ini
[2010/07/21 19:47:50 | 000,347,264 | ---- | C] () -- C:\Windows\System32\drivers\snpstd2.sys
[2010/07/12 13:52:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[1999/07/07 01:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1C6D843F
< End of report >

Extras

OTL Extras logfile created on: 10/5/2010 3:16:55 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Madzy\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 23.85 Gb Free Space | 21.33% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.38 Gb Free Space | 99.88% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 661.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADZY-PC
Current User Name: Madzy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Madzy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AD60CB1-D97B-4E5D-9A01-D33C1969A5FA}_is1" = Version 1.0
"{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFCDC11-4584-464B-9194-594D6E1CB246}" = MySurvey Messenger International
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision®
"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{680B6877-75C2-4CEF-866D-7DBE26DBB772}" = openCanvas4.5.18e Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BFCB1F6F-E16B-4015-8C47-1D8445EC1685}_is1" = FreeZ Online TV v1.35
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Celestia_is1" = Celestia 1.6.0
"Charles_XK72" = Charles
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"Fiddler2" = Fiddler2
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ImgBurn" = ImgBurn
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity™
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mystery Legends - Sleepy Hollow 1.00" = Mystery Legends - Sleepy Hollow 1.00
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.2.9
"Storybook" = Storybook
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Serpent of Isis 1.00" = The Serpent of Isis 1.00
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Videora iPod Converter" = Videora iPod Converter 6
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 3.00
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1240005926-99492120-819423886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BingoLinerUK" = BingoLinerUK
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2010 4:09:58 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2308

Error - 10/5/2010 4:51:40 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 4:51:40 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2503706

Error - 10/5/2010 4:51:40 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2503706

Error - 10/5/2010 4:51:41 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 4:51:41 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2504705

Error - 10/5/2010 4:51:41 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2504705

Error - 10/5/2010 4:51:42 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 4:51:42 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2505703

Error - 10/5/2010 4:51:42 AM | Computer Name = Madzy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2505703

[ Media Center Events ]
Error - 9/1/2010 1:36:35 PM | Computer Name = Madzy-PC | Source = MCUpdate | ID = 0
Description = 18:36:35 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 9/1/2010 1:36:38 PM | Computer Name = Madzy-PC | Source = MCUpdate | ID = 0
Description = 18:36:37 - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 9/1/2010 1:36:40 PM | Computer Name = Madzy-PC | Source = MCUpdate | ID = 0
Description = 18:36:39 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 9/1/2010 1:36:47 PM | Computer Name = Madzy-PC | Source = MCUpdate | ID = 0
Description = 18:36:41 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 10/5/2010 4:09:59 AM | Computer Name = Madzy-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 10/5/2010 4:51:58 AM | Computer Name = Madzy-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/5/2010 4:51:58 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 10/5/2010 4:51:58 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 10/5/2010 4:52:01 AM | Computer Name = Madzy-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/5/2010 4:52:01 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 10/5/2010 4:52:01 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 10/5/2010 4:52:02 AM | Computer Name = Madzy-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/5/2010 4:52:02 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 10/5/2010 4:52:02 AM | Computer Name = Madzy-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535


< End of report >


Posted Image


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 06 October 2010 - 03:06 AM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 06 October 2010 - 06:38 AM

Hello, ran ComboFix

Report:


ComboFix 10-10-05.04 - Madzy 06/10/2010 12:21:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1534.785 [GMT 1:00]
Running from: c:\users\Madzy\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Madzy\AppData\Local\Microsoft\Windows\Temporary Internet Files\getSilverlight.ashx

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 11:31 . 2010-10-06 11:31 -------- d-----w- c:\users\Mark\AppData\Local\temp
2010-10-06 11:31 . 2010-10-06 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-04 22:19 . 2010-10-04 22:19 -------- d-----w- c:\users\Madzy\AppData\Roaming\Regensoft
2010-10-04 22:19 . 2010-10-04 22:19 -------- d-----w- c:\users\Madzy\AppData\Roaming\Red Kawa
2010-10-04 21:49 . 2010-10-04 21:49 -------- d-----w- c:\program files\Free iPod Video Converter
2010-10-04 21:44 . 2010-10-04 21:44 -------- d-----w- c:\users\Madzy\AppData\Local\Geckofx
2010-10-04 21:44 . 2010-10-04 21:44 -------- d-----w- c:\program files\Regensoft
2010-10-04 21:44 . 2010-10-04 21:44 -------- d-----w- c:\program files\AviSynth 2.5
2010-10-04 21:44 . 2010-10-04 21:44 -------- d-----w- c:\program files\Red Kawa
2010-10-04 19:07 . 2010-10-04 19:07 -------- d-----w- c:\users\Madzy\AppData\Local\Adobe
2010-10-04 00:06 . 2010-10-04 00:06 -------- d-----w- c:\users\Madzy\AppData\Roaming\ImgBurn
2010-10-04 00:04 . 2010-10-04 00:04 -------- d-----w- c:\program files\ImgBurn
2010-10-03 23:54 . 2010-10-03 23:54 -------- d-----w- c:\users\Madzy\AppData\Roaming\Canneverbe Limited
2010-10-03 23:54 . 2010-10-03 23:54 -------- d-----w- c:\programdata\Canneverbe Limited
2010-10-03 23:54 . 2010-10-03 23:54 -------- d-----w- c:\program files\CDBurnerXP
2010-10-02 07:06 . 2010-10-02 07:06 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-10-01 14:46 . 2010-10-01 14:46 -------- d-----w- c:\program files\iPod
2010-10-01 14:46 . 2010-10-01 14:47 -------- d-----w- c:\program files\iTunes
2010-10-01 14:43 . 2010-10-01 14:43 -------- d-----w- c:\program files\QuickTime
2010-10-01 14:40 . 2010-10-01 14:40 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-10-01 05:18 . 2010-10-01 05:18 -------- d-----w- c:\users\Madzy\AppData\Local\Apple
2010-10-01 03:48 . 2010-10-01 03:44 193832 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-10-01 03:48 . 2010-10-01 03:48 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-10-01 03:48 . 2010-10-01 03:48 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-10-01 03:48 . 2010-10-01 03:48 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-10-01 03:48 . 2010-10-01 03:48 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-10-01 03:47 . 2010-10-01 03:47 84038 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-10-01 03:47 . 2010-10-01 03:47 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-10-01 03:44 . 2010-10-01 03:44 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-30 23:55 . 2010-09-30 23:55 63488 ----a-w- c:\users\Madzy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-30 23:55 . 2010-09-30 23:55 52224 ----a-w- c:\users\Madzy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-30 23:55 . 2010-09-30 23:55 117760 ----a-w- c:\users\Madzy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-30 23:54 . 2010-09-30 23:54 -------- d-----w- c:\users\Madzy\AppData\Roaming\SUPERAntiSpyware.com
2010-09-30 23:54 . 2010-09-30 23:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-30 23:54 . 2010-09-30 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-30 02:01 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-30 02:01 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 03:35 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 16:03 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-12 16:19 . 2010-09-12 16:19 -------- d-----w- c:\program files\Bonjour
2010-09-11 13:54 . 2010-09-11 13:54 -------- d-----w- c:\users\Madzy\AppData\Roaming\Vivox
2010-09-11 13:53 . 2010-09-11 13:53 -------- d-----w- c:\program files\IMVU_Inc
2010-09-11 13:44 . 2010-09-11 14:22 -------- d-----w- c:\users\Madzy\AppData\Roaming\IMVU
2010-09-11 13:44 . 2010-09-11 13:44 77390 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\Uninstall.exe
2010-09-11 13:44 . 2010-09-11 13:44 -------- d-----w- c:\users\Madzy\AppData\Roaming\IMVUClient
2010-09-10 15:48 . 2010-09-10 15:48 97200 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\IMVUupdater.exe
2010-09-10 15:48 . 2010-09-10 15:48 21760 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2010-09-10 15:48 . 2010-09-10 15:48 52992 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\IMVUClient.exe
2010-09-10 12:22 . 2010-09-10 12:22 -------- d-----w- c:\users\Madzy\AppData\Local\Unity
2010-09-10 11:02 . 2010-09-10 11:02 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-09 23:20 . 2010-09-09 23:20 -------- d-----w- c:\program files\FarmVille Cash Generator Tool
2010-09-08 23:39 . 2010-09-08 23:39 1350656 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\SceneWindow.dll
2010-09-08 21:00 . 2010-09-08 21:00 -------- d-----w- c:\program files\Fiddler2
2010-09-08 14:49 . 2010-09-08 14:49 -------- d-----w- c:\program files\Common Files\Java
2010-09-08 03:37 . 2010-09-08 03:54 -------- d-----w- c:\users\Madzy\AppData\Roaming\Charles
2010-09-08 03:29 . 2010-09-08 03:29 -------- d-----w- c:\users\Madzy\AppData\Local\Mozilla
2010-09-08 03:27 . 2010-09-08 03:27 -------- d-----w- c:\program files\Charles
2010-09-07 18:12 . 2010-09-07 18:12 172032 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\IMVUD3D11.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 21:16 . 2010-07-05 01:08 -------- d-----w- c:\users\Madzy\AppData\Roaming\uTorrent
2010-10-01 16:17 . 2010-07-21 20:19 380456 ----a-w- c:\windows\system32\prfh0804.dat
2010-10-01 16:17 . 2010-07-21 20:19 113342 ----a-w- c:\windows\system32\prfc0804.dat
2010-10-01 16:17 . 2010-07-21 19:43 86484 ----a-w- c:\windows\system32\perfc014.dat
2010-10-01 16:17 . 2010-07-21 19:43 472234 ----a-w- c:\windows\system32\perfh014.dat
2010-10-01 16:17 . 2010-07-21 19:36 669660 ----a-w- c:\windows\system32\perfh007.dat
2010-10-01 16:17 . 2010-07-21 19:36 139372 ----a-w- c:\windows\system32\perfc007.dat
2010-10-01 14:46 . 2010-07-05 20:24 -------- d-----w- c:\program files\Common Files\Apple
2010-10-01 03:48 . 2010-07-15 18:44 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-10-01 03:48 . 2010-07-15 18:20 -------- d-----w- c:\program files\DivX
2010-10-01 03:48 . 2010-07-15 18:11 -------- d-----w- c:\programdata\DivX
2010-10-01 03:44 . 2010-07-15 18:30 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-10-01 03:44 . 2010-07-15 18:30 876824 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-10-01 00:04 . 2010-08-20 15:21 -------- d-----w- c:\program files\Safari
2010-09-30 02:19 . 2010-07-05 13:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-24 23:30 . 2010-07-06 23:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-08 14:49 . 2010-07-11 21:58 -------- d-----w- c:\program files\Java
2010-09-03 20:46 . 2010-07-05 00:47 109216 ----a-w- c:\users\Madzy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\program files\MSECache
2010-09-03 20:29 . 2010-07-05 02:07 -------- d-----w- c:\programdata\Microsoft Help
2010-09-03 20:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-03 20:24 . 2010-09-03 20:24 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-03 20:23 . 2010-09-03 20:23 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-03 20:23 . 2010-07-08 21:22 -------- d-----w- c:\program files\Microsoft.NET
2010-09-03 20:23 . 2010-07-05 13:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-03 20:21 . 2010-09-03 20:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-03 20:20 . 2010-09-03 20:20 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-09-03 20:02 . 2010-07-05 13:16 -------- d-----w- c:\program files\Microsoft
2010-09-03 19:55 . 2010-09-01 05:37 -------- d-----w- c:\users\Madzy\AppData\Roaming\SoftGrid Client
2010-09-01 18:47 . 2010-09-01 18:47 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-09-01 18:37 . 2010-09-01 18:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-09-01 18:37 . 2010-09-01 18:37 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-09-01 13:04 . 2010-09-01 13:04 -------- d-----w- c:\programdata\VirtualizedApplications
2010-09-01 05:37 . 2010-09-01 05:33 -------- d-----w- c:\users\Madzy\AppData\Roaming\TP
2010-09-01 05:15 . 2010-09-01 05:15 45056 ----a-r- c:\users\Madzy\AppData\Roaming\Microsoft\Installer\{680B6877-75C2-4CEF-866D-7DBE26DBB772}\_597EDA5447AC_4DEE_A5F8_88EF195E1F22.exe
2010-09-01 05:15 . 2010-09-01 05:15 15086 ----a-r- c:\users\Madzy\AppData\Roaming\Microsoft\Installer\{680B6877-75C2-4CEF-866D-7DBE26DBB772}\oC4.exe
2010-09-01 05:15 . 2010-09-01 05:15 -------- d-----w- c:\program files\portalgraphics
2010-09-01 04:58 . 2010-08-15 17:32 -------- d-----w- c:\program files\Opera
2010-09-01 04:55 . 2010-08-30 20:53 -------- d-----w- c:\users\Madzy\AppData\Roaming\CBS Interactive
2010-09-01 04:52 . 2010-08-12 19:55 -------- d-----w- c:\program files\Babylon-English
2010-09-01 04:51 . 2010-09-01 04:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-09-01 04:40 . 2010-09-01 04:40 -------- d-----w- c:\program files\Zynga
2010-08-31 00:23 . 2010-08-30 20:53 -------- d-----w- c:\users\Madzy\AppData\Roaming\OpenCandy
2010-08-30 22:43 . 2010-07-10 23:28 -------- d-----w- c:\program files\PeerBlock
2010-08-30 20:57 . 2010-08-30 20:57 -------- d-----w- c:\program files\FreeZ Online TV
2010-08-30 20:53 . 2010-08-30 20:53 257257 ----a-w- c:\users\Madzy\AppData\Roaming\OpenCandy\DLMGR3.exe
2010-08-30 20:44 . 2010-08-30 20:44 -------- d-----w- c:\program files\WinDirStat
2010-08-30 03:23 . 2010-08-08 22:57 -------- d-----w- c:\users\Madzy\AppData\Roaming\Windows Live Writer
2010-08-29 23:41 . 2010-08-29 23:41 35328 ----a-r- c:\users\Madzy\AppData\Roaming\Microsoft\Installer\{3CFCDC11-4584-464B-9194-594D6E1CB246}\Icon3CFCDC11.exe
2010-08-29 23:41 . 2010-08-29 23:41 -------- d-----w- c:\program files\MySurvey Messenger
2010-08-28 18:32 . 2010-07-05 00:40 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-08-28 00:57 . 2010-08-28 00:57 -------- d-----w- c:\users\Madzy\AppData\Roaming\Malwarebytes
2010-08-28 00:57 . 2010-08-28 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 00:57 . 2010-08-28 00:57 -------- d-----w- c:\programdata\Malwarebytes
2010-08-27 13:02 . 2010-07-05 00:41 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-27 12:56 . 2010-08-28 18:32 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-08-27 12:56 . 2010-08-28 18:32 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-25 23:29 . 2010-08-25 23:29 54784 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\ui\plugins\nphwndproxy.dll
2010-08-25 23:29 . 2010-08-25 23:29 46592 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-08-25 23:28 . 2010-08-25 23:28 297984 ----a-w- c:\users\Madzy\AppData\Roaming\IMVUClient\cal3d.dll
2010-08-24 20:36 . 2010-07-11 13:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-24 20:36 . 2010-07-11 13:46 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-24 20:35 . 2010-08-24 20:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-24 20:35 . 2010-07-05 00:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 20:26 . 2010-08-24 20:24 -------- d-----w- c:\program files\MagicDisc
2010-08-24 20:13 . 2010-08-24 20:13 -------- d-----w- c:\program files\Activision
2010-08-20 15:31 . 2010-08-20 15:31 187816 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-20 15:31 . 2010-07-05 20:28 -------- d-----w- c:\users\Madzy\AppData\Roaming\Apple Computer
2010-08-20 15:20 . 2010-08-20 15:20 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-12 19:55 . 2010-08-12 19:55 -------- d-----w- c:\program files\Babylon
2010-08-09 15:03 . 2010-08-09 15:03 -------- d-----w- c:\program files\Storybook
2010-08-01 14:51 . 2010-07-13 20:42 108824 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-29 06:30 . 2010-08-11 15:54 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 15:54 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 23:15 . 2010-07-27 23:15 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2010-07-27 17:44 . 2010-07-27 17:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44 . 2010-07-27 17:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:44 . 2010-07-27 17:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:44 . 2010-07-27 17:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-21 20:17 . 2010-07-21 20:19 111310 ----a-w- c:\windows\system32\prfi0804.dat
2010-07-21 20:17 . 2010-07-21 20:19 31548 ----a-w- c:\windows\system32\prfd0804.dat
2010-07-21 20:17 . 2010-07-21 20:18 31548 ----a-w- c:\windows\Inf\PERFLIB\0804\perfd.dat
2010-07-21 20:17 . 2010-07-21 20:18 31548 ----a-w- c:\windows\Inf\PERFLIB\0804\perfc.dat
2010-07-21 20:17 . 2010-07-21 20:18 111310 ----a-w- c:\windows\Inf\PERFLIB\0804\perfi.dat
2010-07-21 20:17 . 2010-07-21 20:18 111310 ----a-w- c:\windows\Inf\PERFLIB\0804\perfh.dat
2010-07-21 19:42 . 2010-07-21 19:43 298300 ----a-w- c:\windows\system32\perfi014.dat
2010-07-21 19:42 . 2010-07-21 19:43 36156 ----a-w- c:\windows\system32\perfd014.dat
2010-07-21 19:42 . 2010-07-21 19:43 36156 ----a-w- c:\windows\Inf\PERFLIB\0414\perfd.dat
2010-07-21 19:42 . 2010-07-21 19:43 36156 ----a-w- c:\windows\Inf\PERFLIB\0414\perfc.dat
2010-07-21 19:42 . 2010-07-21 19:43 298300 ----a-w- c:\windows\Inf\PERFLIB\0414\perfi.dat
2010-07-21 19:42 . 2010-07-21 19:43 298300 ----a-w- c:\windows\Inf\PERFLIB\0414\perfh.dat
2010-07-21 19:33 . 2010-07-21 19:36 295922 ----a-w- c:\windows\system32\perfi007.dat
2010-07-21 19:33 . 2010-07-21 19:36 38104 ----a-w- c:\windows\system32\perfd007.dat
2010-07-21 19:33 . 2010-07-21 19:34 38104 ----a-w- c:\windows\Inf\PERFLIB\0407\perfd.dat
2010-07-21 19:33 . 2010-07-21 19:34 38104 ----a-w- c:\windows\Inf\PERFLIB\0407\perfc.dat
2010-07-21 19:33 . 2010-07-21 19:34 295922 ----a-w- c:\windows\Inf\PERFLIB\0407\perfi.dat
2010-07-21 19:33 . 2010-07-21 19:34 295922 ----a-w- c:\windows\Inf\PERFLIB\0407\perfh.dat
2010-07-17 04:00 . 2010-07-11 21:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 15:06 . 2010-07-16 15:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-12 12:52 . 2010-07-12 12:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\tbIMV1.dll" [2010-09-11 2735200]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2010-09-11 13:54 2735200 ----a-w- c:\program files\IMVU_Inc\tbIMV1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\tbIMV1.dll" [2010-09-11 2735200]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
"{90B49673-5506-483E-B92B-CA0265BD9CA8}"= "c:\program files\IMVU_Inc\tbIMV1.dll" [2010-09-11 2735200]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

c:\users\Madzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-24 576000]
MySurvey Messenger.lnk - c:\users\Madzy\AppData\Roaming\Microsoft\Installer\{3CFCDC11-4584-464B-9194-594D6E1CB246}\Icon3CFCDC11.exe [2010-8-30 35328]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Madzy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-05 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-27 1051968]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1001Core.job
- c:\users\Madzy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 01:13]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1001UA.job
- c:\users\Madzy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 01:13]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1003Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 14:51]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1240005926-99492120-819423886-1003UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Madzy\AppData\Roaming\Mozilla\Firefox\Profiles\bjbs7wdb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Madzy\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Madzy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{193d7001-bd9f-48c2-b5c7-69775aa2201d} - (no file)
WebBrowser-{193D7001-BD9F-48C2-B5C7-69775AA2201D} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1240005926-99492120-819423886-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:51,4b,5c,08,e9,d5,4a,fb,aa,b8,9e,69,3d,94,dc,76,05,b8,89,a9,d4,ef,53,
08,0a,86,72,dc,0a,20,aa,7d,f3,64,98,43,a2,55,f0,b0,c4,2b,7b,1e,e9,1f,f6,ca,\
"??"=hex:f2,ac,1a,b1,36,f6,3f,7b,6e,d0,6a,09,da,89,86,28

[HKEY_USERS\S-1-5-21-1240005926-99492120-819423886-1001\Software\SecuROM\License information*]
"datasecu"=hex:3b,a2,cc,98,29,fd,81,68,c5,c6,04,10,c1,2c,d3,42,e5,93,42,32,3e,
ed,e0,2c,e1,63,1a,fe,e0,9d,bc,b9,ee,ea,08,45,c2,df,c3,27,fd,71,23,5e,c7,b9,\
"rkeysecu"=hex:1c,a8,5a,78,ee,cc,61,46,21,a2,d4,4a,38,30,f3,d9

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-06 12:34:10
ComboFix-quarantined-files.txt 2010-10-06 11:34

Pre-Run: 26,488,647,680 bytes free
Post-Run: 26,482,827,264 bytes free

- - End Of File - - C582CCCEE625092BF35DE4F1B6FB3BE7

Posted Image


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 06 October 2010 - 07:34 AM

Hi,

how is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 06 October 2010 - 01:54 PM

Hallo, just logged on and first thing to pop up was the so called antivirus message. I will get a screenshot next time it happens, perhaps it'll give you better info. Is there anything else I should do?

Tomie

Posted Image


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 07 October 2010 - 04:12 AM

Hi,

please run a scan with Kaspersky too, so that we can see if there are other infected files:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 09 October 2010 - 01:42 PM

Hi Myrti, sorry about the delay. Here's the report.

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, October 9, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 09, 2010 08:16:29
Records in database: 4230446
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Objects scanned 206126
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 03:39:39

File name Threat Threats count
C:\Users\Madzy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\29aba03e-131e4218 Infected: Trojan-Downloader.Java.Agent.hi 1
Selected area has been scanned.

Posted Image


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 11 October 2010 - 05:06 AM

Hi,

this is looking good, Have you had any more popups?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 11 October 2010 - 11:04 AM

No pop ups, but I do keep getting random pages opening when I'm doing a Google search, something along the lines of Googleanalytics.com.
Other than that, things seem to be on the up! thumbup.gif

Posted Image


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 14 October 2010 - 06:24 AM

Hi,

do you use a router to go online? Are other PCs using the same router also experiencing issues?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 15 October 2010 - 04:04 PM

Hi, apologies for the delay. I use a wireless router, and it's only the laptop and iPod touch. It seems to be affecting both, but more so the laptop.

Posted Image


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:36 AM

Posted 16 October 2010 - 11:46 AM

Hi,

coudl you reset the router? Do you have a way of using the internet without using the router?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Tomie

Tomie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Glasgow
  • Local time:09:36 AM

Posted 16 October 2010 - 10:13 PM

Hi,

I cannot access the internet without the router. Ive tried resetting it but the same thing happens. And now I can't seem to sign to sign in to iGoogle.

Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users