Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Malware Problems (google redirect, antviri program posing fake virus's, maybe more)


  • This topic is locked This topic is locked
16 replies to this topic

#1 GodlikeRoy

GodlikeRoy

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 23 October 2010 - 08:57 PM

Hi,

I believe I have some malware (and possibly a trojan horse) effecting my PC. One problem that occurs is when I try to search on google, sometimes clicking a result re-directs me to a search engine page or some other type of spam site.

Another issue I have had recently is where a fake anti virus program pops up (and closes all my running programs, such as chrome and even task manager if I try to open it) and then tells me I need to buy a specific anti virus program to get rid of it. I believe it is called something like "antiviri" or some variation of that.

I ran malwarebytes anti-malware and it found quite a few things to remove, however these issues have remained.

I also received some sort of warning from my anti virus program telling me I had a trojan horse which worries me as I have sensitive information on this computer. I changed my passwords from my clean laptop and haven't used this computer to access anything sensitive again, but I would like to know if it's possible to do so or if I need to do a clean format. I'm not 100% sure that what I had was a trojan horse (it may have been a fake program again) but I don't want to risk it without being certain.

Here is my DDS log:



DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by User at 12:37:19.06 on Sun 24/10/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.8189.4838 [GMT 11:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\splwow64.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:29775
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {AE3E8210-B33F-49C1-B4E2-860F5F4D732F} - hxxps://kvm.wahw.com.au/dsview/applets/viewerLauncher.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
AppInit_DLLs-X64: avgrssta.dll
Hosts: 212.117.178.25 www.google.com
Hosts: 212.117.163.43 search.yahoo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtxwio.default\
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {0C3E9453-0E01-415B-A9F8-33544F72F101} - C:\Users\User\AppData\Local\{0C3E9453-0E01-415B-A9F8-33544F72F101}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-8-12 69152]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-5 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-5 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-5 317520]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-4-29 203264]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-5 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-12 1357464]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-8-28 80392]
S3 B-Service;B-Service;C:\Users\User\AppData\Roaming\Mikogo\B-Service.exe [2010-3-23 185640]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-4 25832]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 16928]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-9-3 11776]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2010-5-6 235008]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2010-5-6 199552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]

=============== Created Last 30 ================

2010-10-14 21:45:59 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-14 21:45:59 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-14 21:45:59 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-14 21:45:59 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-14 21:45:59 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-14 21:45:59 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-14 21:45:58 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-14 21:45:58 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-14 21:45:56 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 21:45:56 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 21:45:55 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-14 21:45:55 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-13 15:35:06 -------- d-----w- C:\Users\User\AppData\Local\TechSmith
2010-10-13 12:47:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-13 12:47:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-11 16:16:53 -------- d-----w- C:\Users\User\AppData\Roaming\postgresql
2010-10-11 07:41:11 -------- d-----w- C:\HMArchive
2010-10-06 16:14:46 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2010-10-06 16:14:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-06 16:14:32 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-06 16:14:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-06 16:14:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-06 16:01:59 133 ----a-w- C:\Users\User\AppData\Roaming\asdsada.bat
2010-09-30 13:33:16 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-30 13:32:46 -------- d-----w- C:\Program Files (x86)\DivX
2010-09-30 13:31:47 -------- d-----w- C:\PROGRA~3\DivX
2010-09-29 11:37:53 3518464 ----a-w- C:\Windows\SysWow64\cdintf300.dll
2010-09-29 11:37:53 1843200 ----a-w- C:\Windows\SysWow64\acXMLParser.dll
2010-09-29 11:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\Palo Alto Software
2010-09-29 11:37:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2010-09-29 11:37:38 -------- d-----w- C:\Program Files (x86)\Quicken
2010-09-29 11:37:10 -------- d-----w- C:\Program Files (x86)\Business Objects
2010-09-29 11:37:09 -------- d-----w- C:\Program Files (x86)\Common Files\Business Objects
2010-09-29 11:33:15 -------- d-----w- C:\Program Files\Elite
2010-09-29 11:15:29 -------- d-----w- C:\Program Files (x86)\Common Files\Config
2010-09-29 11:14:53 -------- d-----w- C:\Program Files (x86)\Common Files\Inet
2010-09-29 11:06:44 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2010-09-29 11:06:40 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-09-29 11:06:40 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-09-29 11:06:40 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-09-29 11:06:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-09-29 11:06:38 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-09-29 11:06:38 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-09-29 11:06:38 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-09-29 11:03:54 -------- d-----w- C:\Users\User\AppData\Roaming\Intuit
2010-09-29 11:03:10 -------- d-----w- C:\PROGRA~3\Intuit
2010-09-29 10:53:58 828912 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-09-29 10:53:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2010-09-29 10:53:16 -------- d-----w- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
2010-09-29 10:53:16 -------- d-----w- C:\PROGRA~3\DAEMON Tools Pro
2010-09-28 22:32:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 22:32:26 2048 ----a-w- C:\Windows\System32\tzres.dll

==================== Find3M ====================

2010-10-20 10:14:42 20544 ----a-w- C:\Windows\gdrv.sys
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-04 22:12:16 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2010-09-04 22:12:14 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-04 22:12:09 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-04 22:12:08 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-09 19:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-09 19:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-27 08:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-27 08:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-27 08:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-27 08:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 12:37:52.48 ===============


I have attached the "attach.txt" file.

When I tried to run the GMER program I got the following window (with most options grey'd out):

Posted Image

So I did not scan it. If you can tell me how to proceed I would appreciate it.

Thanks,

Roy

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 01 November 2010 - 08:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 01 November 2010 - 09:39 PM

Hi m0le,

I'm here :)

Awaiting instructions.

Thanks!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 02 November 2010 - 11:38 AM

Okay, Godlike.

Please run TDSSKiller so we can see if there's rootkit activity here. Redirects at the moment are all coming through rootkits.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 November 2010 - 02:56 PM

Hi,

There were no infections found. Here is the log:


2010/11/03 06:54:50.0801 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/03 06:54:50.0801 ================================================================================
2010/11/03 06:54:50.0801 SystemInfo:
2010/11/03 06:54:50.0801
2010/11/03 06:54:50.0801 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/03 06:54:50.0801 Product type: Workstation
2010/11/03 06:54:50.0801 ComputerName: USER-PC
2010/11/03 06:54:50.0801 UserName: User
2010/11/03 06:54:50.0801 Windows directory: C:\Windows
2010/11/03 06:54:50.0802 System windows directory: C:\Windows
2010/11/03 06:54:50.0802 Running under WOW64
2010/11/03 06:54:50.0802 Processor architecture: Intel x64
2010/11/03 06:54:50.0802 Number of processors: 4
2010/11/03 06:54:50.0802 Page size: 0x1000
2010/11/03 06:54:50.0802 Boot type: Normal boot
2010/11/03 06:54:50.0802 ================================================================================
2010/11/03 06:54:50.0802 Utility is running under WOW64
2010/11/03 06:54:51.0669 Initialize success
2010/11/03 06:54:56.0473 ================================================================================
2010/11/03 06:54:56.0473 Scan started
2010/11/03 06:54:56.0473 Mode: Manual;
2010/11/03 06:54:56.0473 ================================================================================
2010/11/03 06:54:57.0701 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/03 06:54:57.0755 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/03 06:54:57.0811 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/03 06:54:57.0836 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/03 06:54:57.0859 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/03 06:54:57.0929 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/03 06:54:57.0961 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/03 06:54:58.0010 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/03 06:54:58.0041 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/11/03 06:54:58.0090 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/03 06:54:58.0119 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/03 06:54:58.0299 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/03 06:54:58.0496 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/03 06:54:58.0615 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/03 06:54:58.0641 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/03 06:54:58.0677 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/03 06:54:58.0740 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/03 06:54:58.0761 AtiHdmiService (5f09d597f82923c76c2fed740a95ab9e) C:\Windows\system32\drivers\AtiHdmi.sys
2010/11/03 06:54:58.0891 atikmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/03 06:54:58.0999 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
2010/11/03 06:54:59.0035 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys
2010/11/03 06:54:59.0053 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys
2010/11/03 06:54:59.0092 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/03 06:54:59.0128 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/03 06:54:59.0157 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/03 06:54:59.0175 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/03 06:54:59.0203 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/03 06:54:59.0240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/03 06:54:59.0266 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/03 06:54:59.0279 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/03 06:54:59.0306 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/03 06:54:59.0338 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/03 06:54:59.0404 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/03 06:54:59.0446 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/11/03 06:54:59.0497 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/03 06:54:59.0560 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/03 06:54:59.0597 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2010/11/03 06:54:59.0626 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/03 06:54:59.0716 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
2010/11/03 06:54:59.0803 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/03 06:54:59.0860 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/03 06:54:59.0935 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/03 06:55:00.0003 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/03 06:55:00.0032 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/03 06:55:00.0060 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/03 06:55:00.0118 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/03 06:55:00.0155 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/11/03 06:55:00.0193 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/03 06:55:00.0233 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/03 06:55:00.0262 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/03 06:55:00.0295 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/03 06:55:00.0323 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/03 06:55:00.0380 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/03 06:55:00.0425 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/03 06:55:00.0473 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/03 06:55:00.0499 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/03 06:55:00.0659 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
2010/11/03 06:55:00.0769 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/03 06:55:00.0830 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/11/03 06:55:00.0899 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/03 06:55:00.0935 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/03 06:55:00.0954 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/11/03 06:55:01.0003 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/03 06:55:01.0063 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/03 06:55:01.0120 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/03 06:55:01.0174 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/03 06:55:01.0206 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/03 06:55:01.0244 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/03 06:55:01.0286 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/03 06:55:01.0353 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys
2010/11/03 06:55:01.0424 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/03 06:55:01.0455 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/03 06:55:01.0499 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/03 06:55:01.0568 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/03 06:55:01.0617 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/03 06:55:01.0662 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/03 06:55:01.0707 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/03 06:55:01.0749 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/03 06:55:01.0782 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/03 06:55:01.0824 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/03 06:55:01.0867 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/03 06:55:01.0932 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/03 06:55:01.0999 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/03 06:55:02.0019 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/03 06:55:02.0134 Lavasoft Kernexplorer (2002853cf2c6328cb6f6fc9dd14393ca) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2010/11/03 06:55:02.0181 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
2010/11/03 06:55:02.0204 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/03 06:55:02.0257 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/03 06:55:02.0278 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/03 06:55:02.0301 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/03 06:55:02.0330 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/03 06:55:02.0394 massfilter (b5e86524918ef32b32d1032e0c8e92a3) C:\Windows\system32\drivers\massfilter.sys
2010/11/03 06:55:02.0426 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/03 06:55:02.0473 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/03 06:55:02.0519 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/03 06:55:02.0555 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/03 06:55:02.0582 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/03 06:55:02.0603 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/03 06:55:02.0630 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/03 06:55:02.0672 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/03 06:55:02.0705 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/03 06:55:02.0744 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/03 06:55:02.0780 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/03 06:55:02.0832 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/03 06:55:02.0892 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/03 06:55:02.0915 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/03 06:55:02.0941 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/11/03 06:55:02.0964 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/03 06:55:02.0987 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/03 06:55:03.0023 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/03 06:55:03.0041 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/03 06:55:03.0077 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/03 06:55:03.0097 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/03 06:55:03.0178 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/03 06:55:03.0203 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/03 06:55:03.0235 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/03 06:55:03.0282 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/03 06:55:03.0330 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/03 06:55:03.0388 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/03 06:55:03.0422 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/03 06:55:03.0457 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/03 06:55:03.0665 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/03 06:55:03.0687 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/03 06:55:03.0703 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/03 06:55:03.0752 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/03 06:55:03.0802 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/03 06:55:03.0833 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/03 06:55:03.0874 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/03 06:55:03.0951 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/03 06:55:03.0992 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/03 06:55:04.0057 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/03 06:55:04.0092 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/03 06:55:04.0124 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/03 06:55:04.0232 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/03 06:55:04.0285 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/03 06:55:04.0310 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/03 06:55:04.0423 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/03 06:55:04.0459 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2010/11/03 06:55:04.0493 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/03 06:55:04.0544 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/03 06:55:04.0660 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/03 06:55:04.0693 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/11/03 06:55:04.0752 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/03 06:55:04.0807 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/03 06:55:04.0872 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/03 06:55:04.0908 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/03 06:55:04.0931 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/03 06:55:04.0946 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/03 06:55:05.0000 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/03 06:55:05.0058 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/03 06:55:05.0093 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/03 06:55:05.0126 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/03 06:55:05.0161 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/11/03 06:55:05.0176 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/03 06:55:05.0219 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/03 06:55:05.0259 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/03 06:55:05.0298 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
2010/11/03 06:55:05.0337 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/03 06:55:05.0384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/03 06:55:05.0410 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/03 06:55:05.0429 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2010/11/03 06:55:05.0458 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/03 06:55:05.0492 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/11/03 06:55:05.0510 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/03 06:55:05.0527 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/03 06:55:05.0548 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/03 06:55:05.0578 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/03 06:55:05.0606 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/03 06:55:05.0670 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/03 06:55:05.0730 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/03 06:55:05.0808 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\System32\Drivers\sptd.sys
2010/11/03 06:55:05.0879 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/03 06:55:05.0910 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/03 06:55:05.0934 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/03 06:55:05.0991 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/03 06:55:06.0055 swmsflt (c03779ec476f8f30a9cfcde046ba6b28) C:\Windows\system32\DRIVERS\swmsflt.sys
2010/11/03 06:55:06.0132 SWNC8UA3 (6a7174f929b326cbfae9227aa13652c2) C:\Windows\system32\DRIVERS\swnc8ua3.sys
2010/11/03 06:55:06.0175 SWUMXA3 (6149b0691beb390a0bda3a8e90787fd4) C:\Windows\system32\DRIVERS\swumxa3.sys
2010/11/03 06:55:06.0202 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/03 06:55:06.0227 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/03 06:55:06.0254 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/03 06:55:06.0338 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/03 06:55:06.0405 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/03 06:55:06.0465 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/03 06:55:06.0494 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/03 06:55:06.0516 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/03 06:55:06.0574 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/03 06:55:06.0632 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/03 06:55:06.0676 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/03 06:55:06.0698 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/03 06:55:06.0745 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/03 06:55:06.0802 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/03 06:55:06.0849 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/03 06:55:06.0894 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/03 06:55:06.0920 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/03 06:55:06.0950 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/03 06:55:06.0980 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/03 06:55:07.0021 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/03 06:55:07.0080 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/11/03 06:55:07.0152 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2010/11/03 06:55:07.0190 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/03 06:55:07.0227 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/03 06:55:07.0276 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/03 06:55:07.0300 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/03 06:55:07.0338 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/03 06:55:07.0372 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/03 06:55:07.0429 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/03 06:55:07.0486 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/03 06:55:07.0500 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/03 06:55:07.0547 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/03 06:55:07.0591 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/03 06:55:07.0624 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/03 06:55:07.0676 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/03 06:55:07.0730 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/03 06:55:07.0800 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/03 06:55:07.0840 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/03 06:55:07.0881 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/03 06:55:07.0956 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/03 06:55:07.0969 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/03 06:55:08.0009 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/03 06:55:08.0049 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/03 06:55:08.0162 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/03 06:55:08.0223 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/03 06:55:08.0257 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/03 06:55:08.0319 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/03 06:55:08.0387 ZTEusbmdm6k (af7abb82478baa645fffa236ffddf71b) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2010/11/03 06:55:08.0434 ZTEusbnmea (af7abb82478baa645fffa236ffddf71b) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2010/11/03 06:55:08.0508 ================================================================================
2010/11/03 06:55:08.0508 Scan finished
2010/11/03 06:55:08.0508 ================================================================================


Thanks,

Roy

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 02 November 2010 - 03:05 PM

That's good. Please run OTL so we can start clearing out the malware

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#7 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 November 2010 - 05:46 PM

OTL logfile created on: 3/11/2010 9:41:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 63.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 345.12 Gb Free Space | 37.05% Space Free | Partition Type: NTFS
Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 967.68 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\User\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)


========== Modules (SafeList) ==========

MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TVersityMediaServer) -- C:\Users\User\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (B-Service) -- C:\Users\User\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\SysNative\DRIVERS\swnc8ua3.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\SysNative\DRIVERS\swumxa3.sys (Sierra Wireless Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 8E D6 A5 E8 76 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {0C3E9453-0E01-415B-A9F8-33544F72F101}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 04:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0C3E9453-0E01-415B-A9F8-33544F72F101}: C:\Users\User\AppData\Local\{0C3E9453-0E01-415B-A9F8-33544F72F101} [2010/08/10 09:51:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/27 08:40:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 09:44:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/01 05:34:31 | 000,000,000 | ---D | M]

[2010/08/14 08:25:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010/08/14 08:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/27 09:49:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtxwio.default\extensions
[2010/08/16 09:39:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtxwio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 09:49:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 09:44:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/13 23:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 09:44:31 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/28 09:44:31 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/28 09:44:32 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/10/25 12:53:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/10/25 12:53:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/10/14 11:28:37 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/14 11:28:37 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/10/14 11:28:37 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/14 11:28:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/14 11:28:37 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/10/14 11:28:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/14 11:28:37 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/19 08:37:24 | 000,000,825 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {AE3E8210-B33F-49C1-B4E2-860F5F4D732F} https://kvm.wahw.com.au/dsview/applets/viewerLauncher.cab (Avocent DSView Session Launcher Control)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\SysWow64\sdra64.exe File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 20:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{14fa2b44-1ede-11df-98a2-001fd02285c5}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa2b44-1ede-11df-98a2-001fd02285c5}\Shell\AutoRun\command - "" = E:\ONSPCLCK.exe -- File not found
O33 - MountPoints2\{455ce3fc-5394-11df-91bc-001d7d0357a5}\Shell - "" = AutoRun
O33 - MountPoints2\{455ce3fc-5394-11df-91bc-001d7d0357a5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -- File not found
O33 - MountPoints2\{5481f703-939e-11de-910b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5481f703-939e-11de-910b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O33 - MountPoints2\{65ce7b8c-cbb8-11df-a465-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65ce7b8c-cbb8-11df-a465-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 09:09:35 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/11/03 06:54:01 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/11/02 13:42:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla-Cache
[2010/11/02 13:40:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\P5
[2010/11/02 13:40:31 | 000,000,000 | ---D | C] -- C:\Betfair
[2010/10/29 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TableNinjaFT
[2010/10/29 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\HHs
[2010/10/28 10:28:38 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/28 10:28:38 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/28 10:28:35 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/27 19:02:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/27 19:02:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/27 19:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/27 19:02:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/27 19:02:10 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/27 19:02:10 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/27 19:02:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/27 19:02:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/27 19:02:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/27 19:02:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/27 19:02:10 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/27 19:02:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/27 19:02:09 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/27 19:02:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/27 19:02:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/27 19:02:09 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/27 19:02:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/27 19:02:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/27 19:02:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/27 19:02:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/27 19:02:09 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/27 19:02:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/27 19:02:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/27 19:02:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/27 19:02:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/27 19:02:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/27 19:02:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/27 19:02:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/27 18:52:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2010/10/27 18:52:12 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/10/27 18:52:12 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/10/27 18:52:12 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/10/27 18:52:12 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/10/27 18:52:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/10/27 18:52:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/10/27 18:52:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/10/27 18:52:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\corpol.dll
[2010/10/27 18:52:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010/10/27 18:52:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/10/27 18:52:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/10/27 18:52:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/10/27 18:52:10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/10/27 18:52:09 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/27 18:52:09 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/10/27 18:52:09 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/10/27 18:52:09 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/10/27 18:52:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/10/27 18:52:09 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/10/27 18:52:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/10/27 18:52:08 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/10/27 18:52:08 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/27 18:52:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/10/27 18:52:08 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/10/27 18:52:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/10/27 18:52:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/10/27 18:52:07 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/10/27 18:52:07 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/10/27 18:52:07 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/27 18:52:07 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/10/27 18:52:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/10/27 18:52:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/10/27 18:52:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/10/27 18:52:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/10/27 18:52:06 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinFXDocObj.exe
[2010/10/27 18:52:06 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010/10/27 18:52:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PDMSetup.exe
[2010/10/27 18:52:06 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/10/27 18:52:06 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/10/27 18:52:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe
[2010/10/27 18:52:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/10/27 18:52:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/10/27 18:52:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/10/27 18:52:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/10/27 18:52:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/10/27 18:52:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/10/27 18:52:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/10/27 18:52:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/10/27 18:52:05 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010/10/27 18:52:05 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/10/27 18:52:05 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/10/27 18:52:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/10/27 18:32:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/10/27 13:50:31 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/27 13:50:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/27 13:50:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/27 13:50:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/27 13:50:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/27 13:50:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/25 12:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 12:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 12:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/25 10:59:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\sabnzbd
[2010/10/25 10:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2010/10/15 08:47:15 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/15 08:47:12 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/15 08:47:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/15 08:47:11 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/15 08:47:11 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/15 08:47:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/15 08:47:06 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/15 08:47:06 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/15 08:46:54 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/15 08:46:51 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/15 08:46:48 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/15 08:46:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/15 08:45:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/15 08:45:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/15 08:45:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/15 08:45:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/15 08:45:55 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/15 08:45:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 02:35:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TechSmith
[2010/10/14 00:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/10/13 23:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/13 23:47:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/13 23:47:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/13 23:47:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/13 23:47:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/12 03:16:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\postgresql
[2010/10/11 18:41:11 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/10/07 03:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010/10/07 03:14:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/07 03:14:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/07 03:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/07 03:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/11/03 09:40:55 | 000,000,218 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2010/11/03 09:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181894853-2755416274-3419462048-1000UA.job
[2010/11/03 09:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181894853-2755416274-3419462048-1000Core.job
[2010/11/03 09:09:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/11/03 08:50:50 | 000,046,767 | ---- | M] () -- C:\Users\User\Desktop\betfair.JPG
[2010/11/03 08:36:20 | 067,098,201 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/03 08:14:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 08:14:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 06:25:26 | 000,102,811 | ---- | M] () -- C:\Users\User\Desktop\backtoevenFTP.jpg
[2010/11/02 20:04:37 | 004,510,858 | ---- | M] () -- C:\Users\User\Documents\Pianotarium-2005-David.Ari.Leon-The.Piano.Tribute.To.Pink.Floyd-01-comfortably_numb.mp3
[2010/11/02 20:04:23 | 000,007,532 | -HS- | M] () -- C:\Users\User\Documents\Folder.jpg
[2010/11/02 20:04:23 | 000,007,532 | -HS- | M] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Large.jpg
[2010/11/02 20:04:21 | 000,002,099 | -HS- | M] () -- C:\Users\User\Documents\AlbumArtSmall.jpg
[2010/11/02 20:04:21 | 000,002,099 | -HS- | M] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Small.jpg
[2010/11/02 19:14:03 | 000,096,256 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 17:30:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/11/02 16:46:23 | 000,105,897 | ---- | M] () -- C:\Users\User\Desktop\backtoevenBBs.jpg
[2010/11/02 16:44:02 | 000,110,458 | ---- | M] () -- C:\Users\User\Desktop\backtoeven.jpg
[2010/11/02 16:43:55 | 000,334,188 | ---- | M] () -- C:\Users\User\Desktop\back to even.emf
[2010/11/02 13:40:31 | 000,001,419 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Betfair Poker.lnk
[2010/11/02 13:40:31 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\Betfair Poker.lnk
[2010/11/02 10:20:48 | 000,002,591 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HoldemManager.exe.lnk
[2010/11/02 10:19:35 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/02 10:19:35 | 000,611,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/02 10:19:35 | 000,109,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/02 10:14:09 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/11/02 10:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/02 10:01:43 | 000,010,178 | ---- | M] () -- C:\Users\User\Documents\stats.xlsx
[2010/10/30 18:20:17 | 000,093,629 | ---- | M] () -- C:\Users\User\Desktop\aoigywa.jpg
[2010/10/30 18:04:56 | 000,046,826 | ---- | M] () -- C:\Users\User\Desktop\4549_1109137982929_1661228887_262247_7534910_n.jpg
[2010/10/30 18:00:33 | 000,083,532 | ---- | M] () -- C:\Users\User\Desktop\40392_139896952709061_100000662704149_241604_6093339_n.jpg
[2010/10/30 10:48:24 | 000,098,695 | ---- | M] () -- C:\Users\User\Desktop\FTP rigged.jpg
[2010/10/29 21:12:22 | 000,001,964 | ---- | M] () -- C:\Users\User\Desktop\TableNinjaFT.lnk
[2010/10/29 15:50:51 | 000,117,637 | ---- | M] () -- C:\Users\User\Desktop\Stake Results Graph.jpg
[2010/10/29 15:48:56 | 000,072,988 | ---- | M] () -- C:\Users\User\Desktop\Stake Result Stats.JPG
[2010/10/29 13:11:27 | 000,099,255 | ---- | M] () -- C:\Users\User\Desktop\MTD Oct 29.jpg
[2010/10/28 17:07:07 | 000,056,643 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
[2010/10/28 17:06:19 | 000,118,987 | ---- | M] () -- C:\Users\User\Desktop\biggest vpp day.jpg
[2010/10/27 22:43:31 | 000,002,246 | ---- | M] () -- C:\Users\User\Desktop\TVersity.lnk
[2010/10/27 22:26:53 | 000,001,008 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/27 18:39:20 | 000,375,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 17:00:09 | 366,755,606 | ---- | M] () -- C:\Users\User\Documents\The.Good.Wife.S02E05.HDTV.XviD-LOL.avi
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/10/25 13:47:55 | 000,012,292 | -H-- | M] () -- C:\Users\User\.DS_Store
[2010/10/25 13:47:45 | 000,006,148 | -H-- | M] () -- C:\Users\User\Documents\.DS_Store
[2010/10/25 10:59:50 | 000,000,909 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2010/10/25 10:44:23 | 000,029,184 | -HS- | M] () -- C:\Windows\SysWow64\csncui.dll
[2010/10/25 10:44:23 | 000,000,618 | -HS- | M] () -- C:\Windows\SysWow64\2843344071
[2010/10/19 19:30:10 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable
[2010/10/13 12:33:13 | 000,001,823 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2010/10/07 03:01:59 | 000,000,133 | ---- | M] () -- C:\Users\User\AppData\Roaming\asdsada.bat

========== Files Created - No Company Name ==========

[2010/11/03 09:40:55 | 000,000,218 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2010/11/03 08:50:48 | 000,046,767 | ---- | C] () -- C:\Users\User\Desktop\betfair.JPG
[2010/11/03 06:25:26 | 000,102,811 | ---- | C] () -- C:\Users\User\Desktop\backtoevenFTP.jpg
[2010/11/02 20:04:23 | 000,007,532 | -HS- | C] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Large.jpg
[2010/11/02 20:04:23 | 000,002,099 | -HS- | C] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Small.jpg
[2010/11/02 16:46:22 | 000,105,897 | ---- | C] () -- C:\Users\User\Desktop\backtoevenBBs.jpg
[2010/11/02 16:44:02 | 000,110,458 | ---- | C] () -- C:\Users\User\Desktop\backtoeven.jpg
[2010/11/02 16:43:55 | 000,334,188 | ---- | C] () -- C:\Users\User\Desktop\back to even.emf
[2010/11/02 13:40:31 | 000,001,419 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Betfair Poker.lnk
[2010/11/02 13:40:31 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\Betfair Poker.lnk
[2010/11/02 11:53:23 | 004,510,858 | ---- | C] () -- C:\Users\User\Documents\Pianotarium-2005-David.Ari.Leon-The.Piano.Tribute.To.Pink.Floyd-01-comfortably_numb.mp3
[2010/11/02 10:01:42 | 000,010,178 | ---- | C] () -- C:\Users\User\Documents\stats.xlsx
[2010/10/30 18:20:16 | 000,093,629 | ---- | C] () -- C:\Users\User\Desktop\aoigywa.jpg
[2010/10/30 18:04:58 | 000,046,826 | ---- | C] () -- C:\Users\User\Desktop\4549_1109137982929_1661228887_262247_7534910_n.jpg
[2010/10/30 18:00:37 | 000,083,532 | ---- | C] () -- C:\Users\User\Desktop\40392_139896952709061_100000662704149_241604_6093339_n.jpg
[2010/10/30 10:48:24 | 000,098,695 | ---- | C] () -- C:\Users\User\Desktop\FTP rigged.jpg
[2010/10/29 21:12:22 | 000,001,964 | ---- | C] () -- C:\Users\User\Desktop\TableNinjaFT.lnk
[2010/10/29 15:50:51 | 000,117,637 | ---- | C] () -- C:\Users\User\Desktop\Stake Results Graph.jpg
[2010/10/29 15:48:54 | 000,072,988 | ---- | C] () -- C:\Users\User\Desktop\Stake Result Stats.JPG
[2010/10/29 13:11:26 | 000,099,255 | ---- | C] () -- C:\Users\User\Desktop\MTD Oct 29.jpg
[2010/10/28 17:06:41 | 000,056,643 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
[2010/10/27 22:43:31 | 000,002,246 | ---- | C] () -- C:\Users\User\Desktop\TVersity.lnk
[2010/10/27 22:40:28 | 366,755,606 | ---- | C] () -- C:\Users\User\Documents\The.Good.Wife.S02E05.HDTV.XviD-LOL.avi
[2010/10/27 19:02:09 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/27 19:02:09 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/27 17:36:08 | 000,118,987 | ---- | C] () -- C:\Users\User\Desktop\biggest vpp day.jpg
[2010/10/25 13:47:16 | 000,006,148 | -H-- | C] () -- C:\Users\User\Documents\.DS_Store
[2010/10/25 10:59:50 | 000,000,909 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2010/10/25 10:44:23 | 000,029,184 | -HS- | C] () -- C:\Windows\SysWow64\csncui.dll
[2010/10/25 10:44:23 | 000,000,618 | -HS- | C] () -- C:\Windows\SysWow64\2843344071
[2010/10/19 19:30:10 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable
[2010/10/13 12:33:13 | 000,001,823 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2010/10/07 03:01:59 | 000,000,133 | ---- | C] () -- C:\Users\User\AppData\Roaming\asdsada.bat
[2010/09/29 22:03:32 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/08/10 09:51:50 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Kpegafu.dat
[2010/08/10 09:51:50 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Ljino.bin
[2010/07/08 02:38:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/07/08 02:38:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/07/08 02:38:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/10 04:33:35 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2009/12/04 06:25:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 06:25:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/23 11:33:22 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/05 16:06:55 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/10/05 15:58:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/10/05 15:58:57 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/10/02 10:07:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/02 01:20:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/02 01:19:51 | 000,096,256 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 13:22:26 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/28 18:39:48 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/08/28 18:08:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/28 18:02:47 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/21 13:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/11/03 09:40:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.purple
[2010/09/29 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
[2010/08/09 02:33:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010/08/10 10:12:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gopebmosi
[2010/11/02 11:53:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010/11/03 09:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2010/11/01 05:46:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICAClient
[2010/03/23 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mikogo
[2010/10/12 03:17:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\postgresql
[2010/05/06 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sierra Wireless
[2010/03/24 04:20:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UB
[2010/11/03 09:39:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/04/18 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wizards of the Coast
[2010/10/29 03:16:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID

< End of report >




OTL Extras logfile created on: 3/11/2010 9:41:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 63.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 345.12 Gb Free Space | 37.05% Space Free | Partition Type: NTFS
Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 967.68 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\User\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\User\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 63 98 E5 02 79 02 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E87925-A95C-4B92-87C0-17EA8D087691}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A2695D6-AE48-4556-BD49-A680FB4E919A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B1EB2A4-422D-4FE6-A3F8-39AD0C37FD4D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{116ADFCB-319D-46AF-B0CF-461EA58E6035}" = lport=445 | protocol=6 | dir=in | app=system |
"{19979F81-76DC-410E-B7B7-CC2A0831B97A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1B063BEA-58A4-4367-9922-3609E1CF8CEB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{226B81E6-CBA0-43CC-BEE4-2CED075F2EBA}" = rport=139 | protocol=6 | dir=out | app=system |
"{241B3DD1-8559-4197-AD86-473C1BD401EE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{30750858-5181-4C16-87AD-62C6898EA18D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B4ABAF-9F19-400D-A040-EE0F3C65B29D}" = rport=445 | protocol=6 | dir=out | app=system |
"{3431C5CC-2D17-4443-A48C-473D75054FA8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A346BE4-8F65-410C-B6DF-9737AC69739D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CE51B0B-6BCC-4582-B5F8-C227AAA01DF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40C79617-395D-4868-9526-E96A91EEB77E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B21BD29-7195-4E85-954B-DE18DF35FC9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{505D501E-1B64-4D76-AB73-E8CBA88F628D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61397DEC-3F34-4D25-887F-474AAA5C4AB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D16EB8F-6BD4-4C08-BFEB-17DEBB1550BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7685E010-D5D6-4C67-8FF1-3C359E2414A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FEF2F65-DA74-4C4F-9888-E25ADF229632}" = lport=10244 | protocol=6 | dir=in | app=system |
"{803611EE-5286-430D-926D-DFAFF4E72360}" = lport=139 | protocol=6 | dir=in | app=system |
"{83F2890B-28FB-4074-A575-3642543B33AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{854B0490-77F5-4BE9-992A-EFC3CE00E5A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8CC526D8-16FA-4236-BA1C-2EDE0F427999}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{956EF597-FA55-48B1-80B9-CFD42985F483}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9FE72BDC-1C6C-4961-B9CF-1BB650FC0CAA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A1474AFB-A67A-4C87-BF3B-E93BE175153D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A5EB472F-A646-4C7D-92AE-429A033886E6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B07C798A-557C-49C4-A7C9-EA8E9758DBE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8C8B2F2-0062-4D67-94E8-0FB7D2EE5023}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BA82BA51-E201-4B7E-91DB-6A83CFE5B2B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBDBFB15-E793-46F1-9435-580DA004BD78}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC9CD8B3-F424-4958-937D-D9BF1F4C7DE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE9F464-7EDD-4D94-9632-ADC7B242DD40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC71ED4F-65CA-4B7C-B868-77B0807603AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D4DD7FAD-3107-4C44-874E-4B31DB3B0DC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E70028A3-EC61-4B96-B037-40F6A51B48E9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EB266018-B838-430B-BF9D-AE29AE91B927}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFCAC31D-CF62-45C2-8A9B-696D4481FF49}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F007D710-4AE0-4916-B09E-867D28B8C803}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F419F77B-77B8-409B-83B4-ED8144D0D0B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FFD9D158-0515-4179-B9D5-495A6D4E6AB5}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DB358D-1150-4108-A7CC-FBD7A59337EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02976FB8-E054-4500-BAE1-1F27781D9767}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
"{02EE2AC1-E677-4ACA-9746-821081A63E6E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{07A60F66-7CCB-4851-95BF-44C927A1145A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0AF1750F-1D2A-4393-AF12-EADBEDF72810}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{0D1BACB8-3AFC-41F4-9F19-1E4648A74CDB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F090886-B6EF-42C7-960A-D402F1112A76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13AE0C07-4ADD-4775-BB0B-CC994E812595}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{152FA9FF-B94C-43D2-978A-DC47544B1760}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{17A66291-8BA8-4AD6-8BB0-F15C47C4E799}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{193C4FDC-BCBA-4AA9-B9D9-D1C0E8B53B5D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1B4518C9-D72E-4B8E-976C-5EC71265E47B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C24F0B9-6360-4EAB-927B-6655B03E3DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1DB3F55A-8B33-4487-89F4-EBCE86F09240}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{1EC0E815-BFB0-4D14-A2F4-BFA1592D9117}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{2865628D-8064-41EB-8874-7C643295B281}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2B340B22-9AAF-4FDB-A81C-CBA1EBC7F832}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |
"{2D3AC964-BE99-4B33-BFC8-AA9F2C44A1D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D699C01-C300-42A5-9B35-C59BC8483796}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{3518B353-3673-4DA7-87C3-0210C9122D19}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{36133EEC-E9FF-4588-B4E3-288650998027}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{36DA0D8A-1A4E-45BB-A994-99E10B6D3A6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{388AC050-F8F3-4A48-A32D-89CE14D55DED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{429616AE-255B-4857-9C69-D1DF9E3AC08F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4355281F-6801-4808-85B8-1D6B3FCB86BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{500516E6-6103-4BD9-BE81-66EE2A5E9CA1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{515A1DF3-7CEA-4204-82AE-8724A4330D00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53255782-FF08-4006-9CC3-B2A1A5490D58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{549ECAC1-B603-4E4C-8F95-D39A54309019}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{556A05D9-055C-4F98-A27A-D84C8FE17F8C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{55F100D6-2D81-4FAA-9DF7-C522B9B9C3A2}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |
"{56152F61-E6FE-4C8D-A33A-D645AB09209D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{56B23717-49CC-419A-ADB5-44E550E5FD64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{578AB707-BE98-4D54-B414-34714F03127A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{59BB1B64-ED95-4277-8FE7-036667F634D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B1050BF-F3C0-4640-9F4F-C92A80A74C20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C68D607-07A4-4CEF-BE72-985FA75F6A26}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{6E6BAC17-5A86-4701-B091-5C744E32E617}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6E9A4D91-6643-4BFE-A7C5-AB543E65F53C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6F1ED476-85FA-4ADA-AFF6-AEFAA9574941}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{730A7D45-D8EE-4D31-A4B8-8A7B10100C0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
"{8276401C-C48A-4D56-A4B1-2B6DBB2A807B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{835B3FE1-7905-4C9A-BDB5-7F44EA612E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
"{83C3E899-898B-4FF2-9C12-465C69D2B03D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85DC39BF-FE3C-4310-A778-4DC7212EAD88}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{880810C0-3FC9-446A-818D-4B8DBCE81065}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A46F27A-1AE0-441C-8918-7E12C0450055}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{8C7851AF-EBEA-4E08-AC7A-80311CD2C693}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{8DFA5FB3-C352-4D51-945A-E47B62D7F1E8}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |
"{921A07F8-E37E-4DFF-988C-0DC0A170EDDF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{96BFFCE8-6F53-4F13-8FDF-4CBAFF2B1546}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{977174BA-2A58-499C-8B01-C041410B6602}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9820A75C-4ECA-4BFF-ABA3-8B6C0AB8DD55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{9849E817-2909-47BE-87C1-88B599066594}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{993D8C56-5059-4E60-966C-26060AC2EC32}" = protocol=6 | dir=out | app=system |
"{9C9C1AB7-A1F6-4536-8DA5-97644D6DF042}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA32D496-5BA4-42C7-91F3-5BEDFEFE4883}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{AD7727BE-D8B2-4777-9B4B-1DA48BF66738}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{AED9F4DD-BD3F-4E3F-A120-445662CFC0EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF27BA7D-83C8-4E15-B1DA-AC5380C67C78}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B4E76914-B5CB-4859-822A-0C2D0BDB5C7E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |
"{B51C1EDE-1FD8-4F30-8B12-033C14D7103A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BF0559C2-584D-473B-A490-043451A18EEE}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{C1144E8B-D2E5-4D8A-9042-D30B74DB4166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C841A352-3D0C-4AD8-836B-2B3AFA18E719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C9CC4E59-7741-4884-A03B-80FB7E7C2D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4B071C-D952-415F-82BA-5BC7F6B2D480}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D174C034-EBD6-4CEA-A7B5-5F3CD15ECA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D3B62BFA-5390-4C95-AE45-6E2B4398CBAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{D4F04E3F-9184-4AEC-8090-F262EB47195C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9EAAF66-66B4-4CEA-8006-5CF1E6C63D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
"{DB778B27-B3EA-4BC3-B688-C646925C3020}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
"{DFE85B04-E01F-4B86-BA8D-65A8C83F754D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E2E8A418-0223-42D6-99DF-678000729639}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5052424-1995-4598-8DD4-217A6D7A8832}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E75D6DD4-0239-4327-B396-263FC80BC2AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA2730F8-1AD0-4FEF-92AF-A3A8D0E8B655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EA62E65E-493A-4CBF-ADC0-59983756AA35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EB963493-D592-4552-9102-D671239A6653}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC92C243-3728-4168-8767-EFEA869BB071}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED28F876-5979-48EC-BD17-1D2882430BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE5E3933-7D1E-45FC-B4AC-A3C1F908EFCB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F639DFEC-9885-4B3B-B39A-660F956DD3AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F8404E2D-93F1-4F3A-BBB9-89BD61E6586D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
"{FA867B23-F6F0-4DFC-9CB7-415C4DFB62F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB3387DF-BDAF-4092-AD42-F710BEDBCD31}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FC2646F1-5D47-4551-8638-F7ED7C12ACC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{FD52B656-1579-4B31-979B-EDA173DFF9C1}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{FE3CF0A4-9BE8-4E08-ACA2-FF06E9CB0ED3}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{FE7D2A4D-4D0B-46D4-92EB-304EDA876B3D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FEF8328A-866F-416E-90F1-FE08E4EC10A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{5834F034-DEC6-4F48-B117-3CBB3BC52AAF}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe |
"UDP Query User{D627BE3E-D6FC-4F49-BC0A-28617BBEEA32}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09016E0D-CFB1-D26E-B29A-B45AA82E912D}" = ATI Catalyst Install Manager
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{115E79F1-4E70-D523-1B80-1E116D00F09C}" = ccc-utility64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{45DFBE03-9A00-3A00-3272-09A0178B24DA}" = ATI AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AE512BF-4487-7E3D-314A-FA98843E341D}" = CCC Help Spanish
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{10147551-9D1E-92AB-BC25-50062E59FC93}" = CCC Help Korean
"{14E27EF1-62C9-BD82-6CB2-F07BD641248A}" = Catalyst Control Center InstallProxy
"{1917776B-8082-EF01-E8E5-206AE05AB344}" = CCC Help Japanese
"{1B6C8033-3A22-B691-04D2-21BDB81752FE}" = CCC Help Portuguese
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1EA317AF-398B-21FB-192E-5149589D1303}" = CCC Help Czech
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{28AFA4FD-0FBA-DF03-282D-DA6427575E46}" = HydraVision
"{2BD3018B-07F2-C7DE-1B86-519DA610E8FF}" = CCC Help Dutch
"{2E4CF46D-D3FF-9DA3-53EA-AC856EEA044E}" = Catalyst Control Center Graphics Light
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C
"{3C5F58E6-C14F-52B8-666B-ED9DA9952961}" = CCC Help Finnish
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{43AD7481-0048-BD99-5DC9-F33B87FC3CBE}" = Catalyst Control Center HydraVision Full
"{45F5630E-2EE5-07DE-2340-5BB5F41EFA75}" = CCC Help Chinese Traditional
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3A069D-FB4E-81F0-FE2F-E1F37329C149}" = CCC Help Greek
"{4F498ED9-A09B-0892-5D26-C550E04FA55B}" = CCC Help German
"{5398A646-DA01-E8E5-838C-041F056DF993}" = ccc-core-static
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{567C9882-843D-4188-A181-00E2CC3E1033}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F693EFA-94F7-E6F9-87F8-E9A9A8A9B9DB}" = Catalyst Control Center Graphics Previews Vista
"{5F798E37-0900-EA78-DD24-D2415691885F}" = CCC Help Swedish
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CBC9208-6FA1-9F71-7DA0-0BCEE2061BF0}" = CCC Help Polish
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7173DEDF-9BFD-21A5-7267-76761A8322AD}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B00E48-145A-705F-911B-A470D3F188C4}" = CCC Help Italian
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{8220D118-F173-4383-8FC4-65259B92B8EE}" = TableNinja
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8BFDA8AC-4A90-F17F-F2C3-AFC721A907A8}" = CCC Help French
"{8C43F22D-FD5B-0FFB-B9EE-C5D0D1F57EFC}" = CCC Help Russian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{928E6B10-5BA7-3D88-D2A0-D17CC8DD5315}" = CCC Help English
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = 3 Mobile Broadband
"{957A526D-EB80-32B0-5F8A-D278488B0229}" = CCC Help Hungarian
"{96EC9DFD-ACB3-E454-5277-2D7DD3C43A4F}" = CCC Help Turkish
"{9F1B23BC-4F7A-45FA-85AF-1B019E28D82A}" = TableNinjaFT
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE715C55-563C-3886-14C6-4EC3E4F167DA}" = CCC Help Thai
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4AA5745-9B5B-D101-8EFE-C58BC9ACDD13}" = CCC Help Norwegian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BA61DBFD-E851-430B-ABA9-57D74C802622}" = Quicken 2010
"{C0583394-A9E6-1245-FD0D-FBCB2402808B}" = Catalyst Control Center Core Implementation
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C8E4DEC2-FDC9-4E62-B74E-0E673700E64E}_is1" = SharpStats V1.0d
"{CBFDCAA6-9611-5CD1-15C2-8C535E006EA9}" = Catalyst Control Center Graphics Previews Common
"{CDEDBC83-40F4-4C8B-9BA7-AA95F45246F9}" = BigPond Wireless Broadband
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2F2A1C2-B162-77F5-9846-7534074A171C}" = Catalyst Control Center Graphics Full New
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E53C2E32-D090-488A-A098-9EB1A09C367F}" = CCC Help Chinese Standard
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD1D0916-AC22-CB57-7268-260F12D72833}" = Catalyst Control Center Graphics Full Existing
"{FF641CF0-F5C7-CC23-501F-E55866DEE30F}" = CCC Help Danish
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Betfair Poker_is1" = Betfair Poker
"Cake Poker(uninstall)" = Cake Poker
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"Chilipoker" = Chilipoker
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"hon" = Heroes of Newerth
"HTML Text Extractor" = HTML Text Extractor
"HydraIRC" = HydraIRC
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mikogo" = Mikogo
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"PartyPoker" = PartyPoker
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PowerMenu" = PowerMenu 1.51
"SABnzbd" = SABnzbd (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17460" = Mass Effect
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 38400" = Fallout
"Steam App 38410" = Fallout 2
"Steam App 38420" = Fallout Tactics
"Steam App 41500" = Torchlight
"Steam App 590" = Left 4 Dead 2 Demo
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"Diablo II" = Diablo II
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UB" = UB

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks,

Roy

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 02 November 2010 - 07:49 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2010/08/10 09:51:50 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Kpegafu.dat
[2010/08/10 09:51:50 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Ljino.bin
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then please run a new scan with OTL (using the same instructions as the first time you used it) and post the log.
Posted Image
m0le is a proud member of UNITE

#9 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 November 2010 - 11:37 PM

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
212.117.178.25 www.google.com removed from HOSTS file successfully
212.117.163.43 search.yahoo.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
C:\Users\User\AppData\Local\Kpegafu.dat moved successfully.
C:\Users\User\AppData\Local\Ljino.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.2 log created on 11032010_153339


OTL logfile created on: 3/11/2010 3:34:21 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 60.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 342.12 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 967.68 Gb Free Space | 51.94% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\User\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)


========== Modules (SafeList) ==========

MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TVersityMediaServer) -- C:\Users\User\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (B-Service) -- C:\Users\User\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\SysNative\DRIVERS\swnc8ua3.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\SysNative\DRIVERS\swumxa3.sys (Sierra Wireless Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 8E D6 A5 E8 76 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {0C3E9453-0E01-415B-A9F8-33544F72F101}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 04:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0C3E9453-0E01-415B-A9F8-33544F72F101}: C:\Users\User\AppData\Local\{0C3E9453-0E01-415B-A9F8-33544F72F101} [2010/08/10 09:51:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/27 08:40:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 09:44:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/01 05:34:31 | 000,000,000 | ---D | M]

[2010/08/14 08:25:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010/08/14 08:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/27 09:49:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtxwio.default\extensions
[2010/08/16 09:39:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtxwio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 09:49:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 09:44:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/13 23:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 09:44:31 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/28 09:44:31 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/28 09:44:32 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/10/25 12:53:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/10/25 12:53:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/10/25 12:53:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/10/14 11:28:37 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/14 11:28:37 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/10/14 11:28:37 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/14 11:28:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/14 11:28:37 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/10/14 11:28:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/14 11:28:37 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/03 15:33:39 | 000,001,500 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {AE3E8210-B33F-49C1-B4E2-860F5F4D732F} https://kvm.wahw.com.au/dsview/applets/viewerLauncher.cab (Avocent DSView Session Launcher Control)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\SysWow64\sdra64.exe File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 20:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{14fa2b44-1ede-11df-98a2-001fd02285c5}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa2b44-1ede-11df-98a2-001fd02285c5}\Shell\AutoRun\command - "" = E:\ONSPCLCK.exe -- File not found
O33 - MountPoints2\{455ce3fc-5394-11df-91bc-001d7d0357a5}\Shell - "" = AutoRun
O33 - MountPoints2\{455ce3fc-5394-11df-91bc-001d7d0357a5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -- File not found
O33 - MountPoints2\{5481f703-939e-11de-910b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5481f703-939e-11de-910b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O33 - MountPoints2\{65ce7b8c-cbb8-11df-a465-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65ce7b8c-cbb8-11df-a465-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 15:33:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 09:09:35 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/11/03 06:54:01 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/11/02 13:42:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla-Cache
[2010/11/02 13:40:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\P5
[2010/11/02 13:40:31 | 000,000,000 | ---D | C] -- C:\Betfair
[2010/10/29 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TableNinjaFT
[2010/10/29 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\HHs
[2010/10/28 10:28:38 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/28 10:28:38 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/28 10:28:35 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/27 19:02:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/27 19:02:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/27 19:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/27 19:02:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/27 19:02:10 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/27 19:02:10 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/27 19:02:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/27 19:02:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/27 19:02:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/27 19:02:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/27 19:02:10 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/27 19:02:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/27 19:02:09 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/27 19:02:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/27 19:02:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/27 19:02:09 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/27 19:02:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/27 19:02:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/27 19:02:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/27 19:02:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/27 19:02:09 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/27 19:02:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/27 19:02:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/27 19:02:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/27 19:02:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/27 19:02:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/27 19:02:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/27 19:02:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/27 18:52:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2010/10/27 18:52:12 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/10/27 18:52:12 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010/10/27 18:52:12 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/10/27 18:52:12 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/10/27 18:52:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/10/27 18:52:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/10/27 18:52:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/10/27 18:52:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\corpol.dll
[2010/10/27 18:52:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010/10/27 18:52:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/10/27 18:52:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/10/27 18:52:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/10/27 18:52:10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/10/27 18:52:09 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/27 18:52:09 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/10/27 18:52:09 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/10/27 18:52:09 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/10/27 18:52:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/10/27 18:52:09 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/10/27 18:52:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/10/27 18:52:08 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/10/27 18:52:08 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/27 18:52:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/10/27 18:52:08 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/10/27 18:52:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/10/27 18:52:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/10/27 18:52:07 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/10/27 18:52:07 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/10/27 18:52:07 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/27 18:52:07 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/10/27 18:52:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/10/27 18:52:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/10/27 18:52:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/10/27 18:52:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/10/27 18:52:06 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinFXDocObj.exe
[2010/10/27 18:52:06 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010/10/27 18:52:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PDMSetup.exe
[2010/10/27 18:52:06 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/10/27 18:52:06 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/10/27 18:52:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe
[2010/10/27 18:52:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/10/27 18:52:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/10/27 18:52:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/10/27 18:52:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/10/27 18:52:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/10/27 18:52:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/10/27 18:52:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/10/27 18:52:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/10/27 18:52:05 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010/10/27 18:52:05 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/10/27 18:52:05 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/10/27 18:52:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010/10/27 18:32:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/10/27 13:50:31 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/27 13:50:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/27 13:50:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/27 13:50:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/27 13:50:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/27 13:50:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/25 12:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/25 12:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/25 12:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/25 10:59:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\sabnzbd
[2010/10/25 10:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2010/10/15 08:47:15 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/15 08:47:12 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/15 08:47:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/15 08:47:11 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/15 08:47:11 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/15 08:47:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/15 08:47:06 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/15 08:47:06 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/15 08:46:54 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/15 08:46:51 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/15 08:46:48 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/15 08:46:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/15 08:45:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/15 08:45:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/15 08:45:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/15 08:45:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/15 08:45:55 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/15 08:45:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 02:35:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TechSmith
[2010/10/14 00:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/10/13 23:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/13 23:47:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/13 23:47:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/13 23:47:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/13 23:47:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/12 03:16:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\postgresql
[2010/10/11 18:41:11 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/10/07 03:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010/10/07 03:14:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/07 03:14:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/07 03:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/07 03:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/11/03 15:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181894853-2755416274-3419462048-1000UA.job
[2010/11/03 14:14:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 14:14:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 09:40:55 | 000,000,218 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2010/11/03 09:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181894853-2755416274-3419462048-1000Core.job
[2010/11/03 09:09:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/11/03 08:50:50 | 000,046,767 | ---- | M] () -- C:\Users\User\Desktop\betfair.JPG
[2010/11/03 08:36:20 | 067,098,201 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/03 06:25:26 | 000,102,811 | ---- | M] () -- C:\Users\User\Desktop\backtoevenFTP.jpg
[2010/11/02 20:04:37 | 004,510,858 | ---- | M] () -- C:\Users\User\Documents\Pianotarium-2005-David.Ari.Leon-The.Piano.Tribute.To.Pink.Floyd-01-comfortably_numb.mp3
[2010/11/02 20:04:23 | 000,007,532 | -HS- | M] () -- C:\Users\User\Documents\Folder.jpg
[2010/11/02 20:04:23 | 000,007,532 | -HS- | M] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Large.jpg
[2010/11/02 20:04:21 | 000,002,099 | -HS- | M] () -- C:\Users\User\Documents\AlbumArtSmall.jpg
[2010/11/02 20:04:21 | 000,002,099 | -HS- | M] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Small.jpg
[2010/11/02 19:14:03 | 000,096,256 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 17:30:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/11/02 16:46:23 | 000,105,897 | ---- | M] () -- C:\Users\User\Desktop\backtoevenBBs.jpg
[2010/11/02 16:44:02 | 000,110,458 | ---- | M] () -- C:\Users\User\Desktop\backtoeven.jpg
[2010/11/02 16:43:55 | 000,334,188 | ---- | M] () -- C:\Users\User\Desktop\back to even.emf
[2010/11/02 13:40:31 | 000,001,419 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Betfair Poker.lnk
[2010/11/02 13:40:31 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\Betfair Poker.lnk
[2010/11/02 10:20:48 | 000,002,591 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HoldemManager.exe.lnk
[2010/11/02 10:19:35 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/02 10:19:35 | 000,611,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/02 10:19:35 | 000,109,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/02 10:14:09 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/11/02 10:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/02 10:01:43 | 000,010,178 | ---- | M] () -- C:\Users\User\Documents\stats.xlsx
[2010/10/30 18:20:17 | 000,093,629 | ---- | M] () -- C:\Users\User\Desktop\aoigywa.jpg
[2010/10/30 18:04:56 | 000,046,826 | ---- | M] () -- C:\Users\User\Desktop\4549_1109137982929_1661228887_262247_7534910_n.jpg
[2010/10/30 18:00:33 | 000,083,532 | ---- | M] () -- C:\Users\User\Desktop\40392_139896952709061_100000662704149_241604_6093339_n.jpg
[2010/10/30 10:48:24 | 000,098,695 | ---- | M] () -- C:\Users\User\Desktop\FTP rigged.jpg
[2010/10/29 21:12:22 | 000,001,964 | ---- | M] () -- C:\Users\User\Desktop\TableNinjaFT.lnk
[2010/10/29 15:50:51 | 000,117,637 | ---- | M] () -- C:\Users\User\Desktop\Stake Results Graph.jpg
[2010/10/29 15:48:56 | 000,072,988 | ---- | M] () -- C:\Users\User\Desktop\Stake Result Stats.JPG
[2010/10/29 13:11:27 | 000,099,255 | ---- | M] () -- C:\Users\User\Desktop\MTD Oct 29.jpg
[2010/10/28 17:07:07 | 000,056,643 | ---- | M] () -- C:\Users\User\Desktop\Capture.JPG
[2010/10/28 17:06:19 | 000,118,987 | ---- | M] () -- C:\Users\User\Desktop\biggest vpp day.jpg
[2010/10/27 22:43:31 | 000,002,246 | ---- | M] () -- C:\Users\User\Desktop\TVersity.lnk
[2010/10/27 22:26:53 | 000,001,008 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/27 18:39:20 | 000,375,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 17:00:09 | 366,755,606 | ---- | M] () -- C:\Users\User\Documents\The.Good.Wife.S02E05.HDTV.XviD-LOL.avi
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/10/25 13:47:55 | 000,012,292 | -H-- | M] () -- C:\Users\User\.DS_Store
[2010/10/25 13:47:45 | 000,006,148 | -H-- | M] () -- C:\Users\User\Documents\.DS_Store
[2010/10/25 10:59:50 | 000,000,909 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2010/10/25 10:44:23 | 000,029,184 | -HS- | M] () -- C:\Windows\SysWow64\csncui.dll
[2010/10/25 10:44:23 | 000,000,618 | -HS- | M] () -- C:\Windows\SysWow64\2843344071
[2010/10/19 19:30:10 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable
[2010/10/13 12:33:13 | 000,001,823 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2010/10/07 03:01:59 | 000,000,133 | ---- | M] () -- C:\Users\User\AppData\Roaming\asdsada.bat

========== Files Created - No Company Name ==========

[2010/11/03 09:40:55 | 000,000,218 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2010/11/03 08:50:48 | 000,046,767 | ---- | C] () -- C:\Users\User\Desktop\betfair.JPG
[2010/11/03 06:25:26 | 000,102,811 | ---- | C] () -- C:\Users\User\Desktop\backtoevenFTP.jpg
[2010/11/02 20:04:23 | 000,007,532 | -HS- | C] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Large.jpg
[2010/11/02 20:04:23 | 000,002,099 | -HS- | C] () -- C:\Users\User\Documents\AlbumArt_{4C08557B-C642-4BE9-954A-CA6B9EA954AD}_Small.jpg
[2010/11/02 16:46:22 | 000,105,897 | ---- | C] () -- C:\Users\User\Desktop\backtoevenBBs.jpg
[2010/11/02 16:44:02 | 000,110,458 | ---- | C] () -- C:\Users\User\Desktop\backtoeven.jpg
[2010/11/02 16:43:55 | 000,334,188 | ---- | C] () -- C:\Users\User\Desktop\back to even.emf
[2010/11/02 13:40:31 | 000,001,419 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Betfair Poker.lnk
[2010/11/02 13:40:31 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\Betfair Poker.lnk
[2010/11/02 11:53:23 | 004,510,858 | ---- | C] () -- C:\Users\User\Documents\Pianotarium-2005-David.Ari.Leon-The.Piano.Tribute.To.Pink.Floyd-01-comfortably_numb.mp3
[2010/11/02 10:01:42 | 000,010,178 | ---- | C] () -- C:\Users\User\Documents\stats.xlsx
[2010/10/30 18:20:16 | 000,093,629 | ---- | C] () -- C:\Users\User\Desktop\aoigywa.jpg
[2010/10/30 18:04:58 | 000,046,826 | ---- | C] () -- C:\Users\User\Desktop\4549_1109137982929_1661228887_262247_7534910_n.jpg
[2010/10/30 18:00:37 | 000,083,532 | ---- | C] () -- C:\Users\User\Desktop\40392_139896952709061_100000662704149_241604_6093339_n.jpg
[2010/10/30 10:48:24 | 000,098,695 | ---- | C] () -- C:\Users\User\Desktop\FTP rigged.jpg
[2010/10/29 21:12:22 | 000,001,964 | ---- | C] () -- C:\Users\User\Desktop\TableNinjaFT.lnk
[2010/10/29 15:50:51 | 000,117,637 | ---- | C] () -- C:\Users\User\Desktop\Stake Results Graph.jpg
[2010/10/29 15:48:54 | 000,072,988 | ---- | C] () -- C:\Users\User\Desktop\Stake Result Stats.JPG
[2010/10/29 13:11:26 | 000,099,255 | ---- | C] () -- C:\Users\User\Desktop\MTD Oct 29.jpg
[2010/10/28 17:06:41 | 000,056,643 | ---- | C] () -- C:\Users\User\Desktop\Capture.JPG
[2010/10/27 22:43:31 | 000,002,246 | ---- | C] () -- C:\Users\User\Desktop\TVersity.lnk
[2010/10/27 22:40:28 | 366,755,606 | ---- | C] () -- C:\Users\User\Documents\The.Good.Wife.S02E05.HDTV.XviD-LOL.avi
[2010/10/27 19:02:09 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/27 19:02:09 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/27 17:36:08 | 000,118,987 | ---- | C] () -- C:\Users\User\Desktop\biggest vpp day.jpg
[2010/10/25 13:47:16 | 000,006,148 | -H-- | C] () -- C:\Users\User\Documents\.DS_Store
[2010/10/25 10:59:50 | 000,000,909 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2010/10/25 10:44:23 | 000,029,184 | -HS- | C] () -- C:\Windows\SysWow64\csncui.dll
[2010/10/25 10:44:23 | 000,000,618 | -HS- | C] () -- C:\Windows\SysWow64\2843344071
[2010/10/19 19:30:10 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable
[2010/10/13 12:33:13 | 000,001,823 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2010/10/07 03:01:59 | 000,000,133 | ---- | C] () -- C:\Users\User\AppData\Roaming\asdsada.bat
[2010/09/29 22:03:32 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/07/08 02:38:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/07/08 02:38:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/07/08 02:38:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/10 04:33:35 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2009/12/04 06:25:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 06:25:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/23 11:33:22 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/05 16:06:55 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/10/05 15:58:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/10/05 15:58:57 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/10/02 10:07:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/02 01:20:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/02 01:19:51 | 000,096,256 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 13:22:26 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/28 18:39:48 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/08/28 18:08:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/28 18:02:47 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/21 13:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/11/03 15:32:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.purple
[2010/09/29 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
[2010/08/09 02:33:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2010/08/10 10:12:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gopebmosi
[2010/11/02 11:53:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010/11/03 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2010/11/01 05:46:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICAClient
[2010/03/23 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mikogo
[2010/10/12 03:17:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\postgresql
[2010/05/06 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sierra Wireless
[2010/03/24 04:20:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UB
[2010/11/03 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/04/18 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wizards of the Coast
[2010/10/29 03:16:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID

< End of report >


Thanks,

Roy

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 03 November 2010 - 04:37 PM

Please run MBAM next

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please let me know how the PC is running too.
Posted Image
m0le is a proud member of UNITE

#11 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 04 November 2010 - 05:11 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5041

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

4/11/2010 6:13:12 PM
mbam-log-2010-11-04 (18-13-12).txt

Scan type: Full scan (C:\|D:\|Z:\|)
Objects scanned: 545977
Time elapsed: 1 hour(s), 44 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Roaming\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\2843344071 (Malware.Trace) -> Quarantined and deleted successfully.


preliminary results seem good, i just tried to google something and the results seem to work fine.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 04 November 2010 - 05:26 PM

Good news so far. Please run ESET's online scan next

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE

#13 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 04 November 2010 - 09:04 PM

C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\5e08f394-6220d90c a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2e53e616-2702b6dc a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\493431a5-58ff48ee multiple threats deleted - quarantined
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\477aef6e-7969c747 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\User\Downloads\Microsoft OFFICE 2010 (v.14.0.4734.1000) PRO PLUS - PRECRACKED\Microsoft OFFICE 2010 PRO.rar multiple threats deleted - quarantined
C:\Users\User\Downloads\Microsoft OFFICE 2010 (v.14.0.4734.1000) PRO PLUS - PRECRACKED\Microsoft OFFICE 2010 PRO\setup.exe multiple threats deleted - quarantined
Z:\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2e53e616-2702b6dc a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
Z:\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\493431a5-58ff48ee multiple threats deleted - quarantined
Z:\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\477aef6e-7969c747 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
Z:\User\Downloads\Microsoft OFFICE 2010 (v.14.0.4734.1000) PRO PLUS - PRECRACKED\Microsoft OFFICE 2010 PRO.rar multiple threats deleted - quarantined
Z:\User\Downloads\Microsoft OFFICE 2010 (v.14.0.4734.1000) PRO PLUS - PRECRACKED\Microsoft OFFICE 2010 PRO\setup.exe multiple threats deleted - quarantined

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 05 November 2010 - 09:13 PM

It's looking very good. Still no redirections?
Posted Image
m0le is a proud member of UNITE

#15 GodlikeRoy

GodlikeRoy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 06 November 2010 - 07:48 AM

None at all :)

Thanks very much for your help.

Do the logs I have posted indicate that there is no other malware and/or no trojan horses infecting this PC?

Also, what is the best way to prevent myself from being infected from a similar type of virus/malware in the future?

Thanks once again. I appreciate it a lot.

Roy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users