Searches redirect and BSOD


This topic is locked. 26 replies to this topic.

#1 moniker55 (Members, 13 posts)

Posted 07 December 2010 - 07:56 PM

Hello

I've been getting some searches redirected to random ad pages, and even pages randomly opening. I have also been getting occasional Blue Screens with different error messages, sometimes with IRQL NOT LESS OR EQUAL, sometimes not, although I've not installed any new hardware or drivers recently.

I've run MBAM and AntiVir and they've identified and fixed a few infections. The scans are turning up clean now but the problem persists.

I can't generate a DDS log as running dds.scr bluescreens my computer. I've also run GMER but everything turns up clean, although a lot of options in my GMER are greyed out, unlike in the tutorial guide. I've attached a screencap of what my GMER looks like.

Any help would be appreciated!

Attached Files

  • Attached File  cap.jpg   59.58KB   2 downloads



#2 oneof4 (Malware Response Team, 3,779 posts)

Posted 15 December 2010 - 08:12 AM

Hi,

Welcome to Bleeping Computer. My name is oneof4 and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic box to the right of your topic title and selecting Immediate Notification.


Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Best Regards,
oneof4.


#3 moniker55 (Topic Starter, Members, 13 posts)

Posted 16 December 2010 - 02:11 AM

Yup, still here and computer still being a pain.

Thanks for getting back to me!

#4 oneof4 (Malware Response Team, 3,779 posts)

Posted 17 December 2010 - 08:07 PM

Hello SpiderGat, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!
  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

=====

I have a few questions for you:

  • What Operating System are you running?
  • Have you by chance jotted down any of the BSOD codes as they've occurred? If not, and you can get the computer to BSOD, please write down the code and include it in your reply.
  • You mention that you have previously run MBAM, and that it removed some infections. Could you check in MBAM for that log file and post it in your next reply.

Also, give this a try:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

If OTL fails to run in "normal" Windows, try it in "safe mode".

Things I need to see in your next reply:

  • Type of OS
  • BSOD code/s
  • MBAM log/s showing previous infections
  • OTL.txt
  • Extra.txt (attached)

Best Regards,
oneof4.


#5 moniker55 (Topic Starter, Members, 13 posts)

Posted 17 December 2010 - 09:21 PM

Hi oneof4,

1. Current OS: Windows 7 Ultimate 64-bit

====

2. I did save one BSOD code:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: be
BCP1: 000007FFFFFD0001
BCP2: 82100000049B8025
BCP3: FFFFF880046145C0
BCP4: 000000000000000A
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\120810-15303-01.dmp
C:\Users\Moniker\AppData\Local\Temp\WER-41870-0.sysdata.xml

==

3. I think I may have uninstalled MBAM after I did the first scan, so do not have the log. Stupid, I know. I did a scan after that and this is the log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5246

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/12/2010 4:41:27 PM
mbam-log-2010-12-05 (16-41-27).txt

Scan type: Quick scan
Objects scanned: 157925
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

====

If it helps, this is the log from an AntiVir scan I did when the problem started:



Avira AntiVir Personal
Report file date: Friday, 3 December 2010 18:25

Scanning for 3110546 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : INTEL-I5

Version information:
BUILD.DAT : 10.0.0.596 31825 Bytes 16/11/2010 15:57:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 3/11/2010 07:24:35
AVSCAN.DLL : 10.0.3.0 46440 Bytes 20/04/2010 09:31:09
LUKE.DLL : 10.0.2.3 104296 Bytes 7/03/2010 07:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 12:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 20:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:06:48
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 09:02:28
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 08:12:18
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 10:33:17
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 07:47:01
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 08:31:33
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 13:30:49
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 08:52:24
VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 07:24:35
VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 07:24:35
VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 07:24:35
VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 07:24:35
VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 07:24:55
VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 08:59:56
VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 08:58:14
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 08:58:17
VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 13:23:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 13:23:37
VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 13:23:39
VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 10:43:24
VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 10:41:19
VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 08:10:38
VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 07:09:50
VBASE024.VDF : 7.10.14.148 2048 Bytes 30/11/2010 07:09:51
VBASE025.VDF : 7.10.14.149 2048 Bytes 30/11/2010 07:09:51
VBASE026.VDF : 7.10.14.150 2048 Bytes 30/11/2010 07:09:51
VBASE027.VDF : 7.10.14.151 2048 Bytes 30/11/2010 07:09:52
VBASE028.VDF : 7.10.14.152 2048 Bytes 30/11/2010 07:09:52
VBASE029.VDF : 7.10.14.153 2048 Bytes 30/11/2010 07:09:52
VBASE030.VDF : 7.10.14.154 2048 Bytes 30/11/2010 07:09:53
VBASE031.VDF : 7.10.14.164 49152 Bytes 1/12/2010 07:09:49
Engineversion : 8.2.4.114
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 10:04:10
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 24/11/2010 10:43:55
AESCN.DLL : 8.1.7.2 127349 Bytes 24/11/2010 10:43:49
AESBX.DLL : 8.1.3.2 254324 Bytes 24/11/2010 10:43:58
AERDL.DLL : 8.1.9.2 635252 Bytes 22/09/2010 07:38:39
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/10/2010 22:25:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 24/11/2010 10:43:46
AEHEUR.DLL : 8.1.2.46 3088759 Bytes 28/11/2010 08:10:51
AEHELP.DLL : 8.1.15.0 246135 Bytes 28/11/2010 08:10:44
AEGEN.DLL : 8.1.4.2 401781 Bytes 24/11/2010 10:43:34
AEEMU.DLL : 8.1.3.0 393589 Bytes 24/11/2010 10:43:32
AECORE.DLL : 8.1.18.1 196984 Bytes 24/11/2010 10:43:31
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 08:22:26
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 01:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 01:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 05:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 3/11/2010 07:24:35
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 3/11/2010 07:24:35
AVARKT.DLL : 10.0.0.14 227176 Bytes 20/04/2010 09:31:09
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 25/01/2010 22:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 01:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 04:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 03:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 02:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/11/2010 07:24:35

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4d20ff00\guard_slideup.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Friday, 3 December 2010 18:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'gujaplstsbl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint32.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'mvraidsvc.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\izgowq[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\izgowq[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'C:\Windows\Temp\hvftknss.exe'
C:\Windows\Temp\hvftknss.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\iztbjhowu[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\iztbjhowu[1].htm
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'C:\Windows\Temp\spjop.exe'
C:\Windows\Temp\spjop.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\sjnlgn[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\sjnlgn[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

Beginning disinfection:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\sjnlgn[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '48713f7c.qua'.
C:\Windows\Temp\spjop.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '50e210d1.qua'.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\iztbjhowu[1].htm
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '02b34a03.qua'.
C:\Windows\Temp\hvftknss.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '64b605c5.qua'.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\izgowq[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '213328ff.qua'.


End of the scan: Friday, 3 December 2010 18:25
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
26 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
21 Files not concerned
0 Archives were scanned
0 Warnings
5 Notes

======

4. OTL.txt

OTL logfile created on: 18/12/2010 12:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Moniker\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 13.66 Gb Free Space | 23.35% Space Free | Partition Type: NTFS
Drive D: | 170.90 Gb Total Space | 2.30 Gb Free Space | 1.34% Space Free | Partition Type: NTFS
Drive E: | 702.02 Gb Total Space | 37.79 Gb Free Space | 5.38% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 10.04 Gb Free Space | 3.37% Space Free | Partition Type: NTFS

Computer Name: INTEL-I5 | User Name: Moniker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
PRC - [2010/12/17 18:15:03 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- D:\uTorrent\uTorrent.exe
PRC - [2010/12/12 11:33:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2010/12/12 11:33:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/09 18:13:03 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 18:24:35 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 18:24:35 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe
PRC - [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/30 22:28:54 | 000,135,592 | ---- | M] () -- D:\VideoLAN\VLC\vlc.exe
PRC - [2009/10/06 05:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/04/09 11:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- D:\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/09/25 19:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- D:\FlashGet\flashget.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 12:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 12:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/06/11 08:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2008/05/02 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- D:\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2007/05/19 03:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- D:\FlashGet\fgmgr.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/30 20:43:47 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/12/09 18:13:03 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 18:24:35 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/30 20:41:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/06 05:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/09 11:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/11/24 21:44:03 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/10/10 09:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/24 01:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/21 03:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 19:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/29 03:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/02/01 20:19:43 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/02/08 05:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/03/18 13:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\scdemu.sys -- (SCDEmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 75 1F C6 4B 9A CB 01 [binary data]
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{684BF74F-01F3-445B-B77D-A99E67C735E0}: C:\Windows\system32\config\systemprofile\AppData\Local\{684BF74F-01F3-445B-B77D-A99E67C735E0}\ [2010/12/03 16:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DB258BB9-3561-4709-B026-333B9A4E925F}: C:\Users\Moniker\AppData\Local\{DB258BB9-3561-4709-B026-333B9A4E925F}\ [2010/12/03 18:30:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2010/07/15 00:06:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins

[2010/03/13 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions
[2010/03/13 15:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/04 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

O1 HOSTS File: ([2010/01/17 22:29:26 | 000,374,019 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 12886 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [pnfengxg] C:\Windows\TEMP\hkuaqcuon\gujaplstsbl.exe File not found
O4 - HKU\.DEFAULT..\Run: [Ptukewejogux] C:\Windows\SysWow64\config\systemprofile\AppData\Local\kbcevicp.DLL File not found
O4 - HKU\S-1-5-18..\Run: [pnfengxg] C:\Windows\TEMP\hkuaqcuon\gujaplstsbl.exe File not found
O4 - HKU\S-1-5-18..\Run: [Ptukewejogux] C:\Windows\SysWow64\config\systemprofile\AppData\Local\kbcevicp.DLL File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - D:\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - D:\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb45a1cd-f3b5-11de-8727-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb45a1cd-f3b5-11de-8727-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 12:33:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
[2010/12/14 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Documents\PhotobookShop.com.au Projects
[2010/12/14 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au
[2010/12/12 11:37:57 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Moniker\Desktop\install_flash_player.exe
[2010/12/09 21:52:42 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Desktop\oic
[2010/12/07 23:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/07 21:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/07 01:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/07 01:23:42 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Moniker\Desktop\SUPERAntiSpyware.exe
[2010/12/05 15:18:41 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Roaming\Malwarebytes
[2010/12/05 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/05 15:17:52 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/05 15:01:51 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Moniker\Desktop\tool.exe
[2010/12/03 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Local\{DB258BB9-3561-4709-B026-333B9A4E925F}
[2010/12/02 19:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Absolutist
[2010/12/02 19:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2010/11/22 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Desktop\FN9980301-PI
[2010/11/21 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Desktop\annual report 2010

========== Files - Modified Within 30 Days ==========

[2010/12/18 12:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
[2010/12/18 12:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852138477-4021311692-3492553013-1000UA.job
[2010/12/18 12:07:45 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/18 12:07:45 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/18 12:07:00 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/18 12:07:00 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/18 12:07:00 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/18 12:02:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 12:02:54 | 000,036,416 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2010/12/18 12:02:54 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2010/12/18 12:02:51 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/12/18 12:02:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/18 12:02:26 | 3214,483,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 23:54:38 | 000,090,697 | ---- | M] () -- C:\Users\Moniker\Desktop\20091008---IMG_7734.jpg
[2010/12/17 23:41:07 | 000,094,361 | ---- | M] () -- C:\Users\Moniker\Desktop\20091009---IMG_7739.jpg
[2010/12/17 23:09:46 | 000,027,542 | ---- | M] () -- C:\Users\Moniker\Desktop\Travel Insurance Direct Australia Policy Certificate.pdf
[2010/12/17 20:13:30 | 000,000,162 | -H-- | M] () -- C:\Users\Moniker\Desktop\~$mories.doc
[2010/12/17 01:57:14 | 000,153,943 | ---- | M] () -- C:\Users\Moniker\Desktop\20090724 - IMG_7162.jpg
[2010/12/17 01:53:52 | 000,184,592 | ---- | M] () -- C:\Users\Moniker\Desktop\20080128 - IMG_1914.JPG
[2010/12/17 01:52:16 | 000,253,285 | ---- | M] () -- C:\Users\Moniker\Desktop\20080128 - IMG_1940.JPG
[2010/12/17 01:44:40 | 000,157,701 | ---- | M] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1252.jpg
[2010/12/17 01:43:58 | 000,194,035 | ---- | M] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1228.jpg
[2010/12/17 01:43:31 | 000,157,605 | ---- | M] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1229.jpg
[2010/12/17 01:43:06 | 000,148,994 | ---- | M] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1248.jpg
[2010/12/17 01:37:54 | 001,444,704 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7267 Bowen Mountain (Custom).jpg
[2010/12/17 01:27:51 | 000,435,950 | ---- | M] () -- C:\Users\Moniker\Desktop\20100825 - IMG_1098.JPG
[2010/12/17 01:27:34 | 006,894,996 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7261 Bowen Mountain.jpg
[2010/12/17 01:22:58 | 000,459,789 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7403 Port Kembla (Custom).jpg
[2010/12/17 01:21:49 | 001,162,594 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7246 Bowen Mountain (Custom).jpg
[2010/12/17 01:18:40 | 000,250,684 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1701.JPG
[2010/12/17 01:18:27 | 000,364,711 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1712.JPG
[2010/12/17 01:13:44 | 000,883,967 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7390 Port Kembla (Custom).jpg
[2010/12/17 01:08:53 | 000,417,159 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7410 Port Kembla (Custom).jpg
[2010/12/17 01:03:49 | 001,103,425 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7298 Port Kembla (Custom).jpg
[2010/12/17 01:03:49 | 000,674,447 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7322 Port Kembla (Custom).jpg
[2010/12/15 16:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/12/14 22:14:39 | 000,002,048 | ---- | M] () -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au Prefs
[2010/12/14 21:57:31 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\PhotobookShop.com.au.lnk
[2010/12/14 21:48:25 | 119,809,041 | ---- | M] () -- C:\Users\Moniker\Desktop\PhotobookShopDesigner.exe
[2010/12/13 08:35:00 | 000,028,160 | ---- | M] () -- C:\Users\Moniker\Desktop\Memories.doc
[2010/12/13 04:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852138477-4021311692-3492553013-1000Core.job
[2010/12/12 19:02:14 | 007,982,379 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2008.pdf
[2010/12/12 18:55:00 | 002,483,559 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010.pdf
[2010/12/12 18:53:28 | 000,132,312 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr-w.pdf
[2010/12/12 18:52:26 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/12 18:48:10 | 002,393,989 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010-w.pdf
[2010/12/12 11:37:58 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Moniker\Desktop\install_flash_player.exe
[2010/12/10 07:50:00 | 000,033,792 | ---- | M] () -- C:\Users\Moniker\Desktop\OIC - App.doc
[2010/12/10 02:27:56 | 000,059,904 | ---- | M] () -- C:\Users\Moniker\Desktop\OIC - CV.doc
[2010/12/09 19:22:56 | 000,318,630 | ---- | M] () -- C:\Users\Moniker\Desktop\563.mp3
[2010/12/08 11:43:00 | 000,061,014 | ---- | M] () -- C:\Users\Moniker\Desktop\cap.jpg
[2010/12/08 11:24:15 | 000,288,107 | ---- | M] () -- C:\Users\Moniker\Desktop\gmer.zip
[2010/12/08 11:06:29 | 000,000,000 | ---- | M] () -- C:\Users\Moniker\defogger_reenable
[2010/12/08 11:06:15 | 000,050,477 | ---- | M] () -- C:\Users\Moniker\Desktop\Defogger.exe
[2010/12/08 10:31:43 | 000,792,064 | ---- | M] () -- C:\Users\Moniker\Desktop\Home Program - x (VN)(E).doc
[2010/12/07 23:43:50 | 002,672,312 | ---- | M] () -- C:\Users\Moniker\Desktop\esetsmartinstaller_enu.exe
[2010/12/07 23:36:59 | 000,624,128 | ---- | M] () -- C:\Users\Moniker\Desktop\dds.scr
[2010/12/07 21:46:09 | 000,660,752 | ---- | M] () -- C:\Users\Moniker\Desktop\eXplorer.exe
[2010/12/07 21:43:42 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 01:24:27 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Moniker\Desktop\SUPERAntiSpyware.exe
[2010/12/05 15:02:36 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Moniker\Desktop\tool.exe
[2010/12/04 12:14:57 | 000,000,133 | ---- | M] () -- C:\Windows\WININIT.INI
[2010/12/02 19:19:55 | 000,000,657 | ---- | M] () -- C:\Users\Moniker\Desktop\Bubble Shooter Premium Edition.lnk
[2010/11/29 23:28:01 | 000,048,128 | ---- | M] () -- C:\Users\Moniker\Desktop\Job Description.doc
[2010/11/29 22:47:16 | 001,415,369 | ---- | M] () -- C:\Users\Moniker\Desktop\20100306 - IMG_9948.JPG
[2010/11/29 21:08:29 | 000,137,592 | ---- | M] () -- C:\Users\Moniker\Desktop\monkey&chicken.jpg
[2010/11/29 21:01:17 | 000,023,837 | ---- | M] () -- C:\Users\Moniker\Desktop\chicken.jpg
[2010/11/29 20:38:20 | 000,239,552 | ---- | M] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9430.jpg
[2010/11/29 20:38:11 | 000,220,722 | ---- | M] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9198.jpg
[2010/11/29 20:24:20 | 002,901,096 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 - IMG_1363.JPG
[2010/11/29 20:10:44 | 000,763,746 | ---- | M] () -- C:\Users\Moniker\Desktop\20101122 - IMG_1400.JPG
[2010/11/29 19:55:43 | 001,831,366 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1587.JPG
[2010/11/29 19:55:41 | 002,819,692 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1583.JPG
[2010/11/29 19:55:39 | 002,153,736 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1579.JPG
[2010/11/29 19:55:38 | 001,281,092 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1577.JPG
[2010/11/29 19:55:37 | 001,375,106 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1575.JPG
[2010/11/29 18:02:43 | 000,193,536 | ---- | M] () -- C:\Users\Moniker\Desktop\info_pack_2010.doc
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/27 13:06:06 | 000,165,143 | ---- | M] () -- C:\Users\Moniker\Desktop\sigma2.jpg
[2010/11/27 13:05:15 | 000,197,952 | ---- | M] () -- C:\Users\Moniker\Desktop\sigma1.jpg
[2010/11/27 11:26:32 | 030,254,480 | ---- | M] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1548.tif
[2010/11/27 11:26:30 | 030,268,956 | ---- | M] () -- C:\Users\Moniker\Desktop\20101124 - IMG_1462.tif
[2010/11/27 11:26:30 | 030,255,574 | ---- | M] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1544.tif
[2010/11/24 21:44:03 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/24 13:50:37 | 095,505,429 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr.cdr
[2010/11/24 13:37:39 | 024,955,749 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr2.pdf
[2010/11/24 13:36:55 | 024,955,344 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr.pdf
[2010/11/24 13:36:18 | 095,515,213 | ---- | M] () -- C:\Users\Moniker\Desktop\Backup_of_annual report covercdr.cdr
[2010/11/24 12:27:51 | 025,471,274 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010 - Final for print.pdf
[2010/11/24 12:26:38 | 017,182,720 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report.indd
[2010/11/23 16:55:25 | 000,032,085 | ---- | M] () -- C:\Users\Moniker\Desktop\919074250-1-1-OFFUAC.pdf
[2010/11/23 08:00:40 | 018,480,845 | ---- | M] () -- C:\Users\Moniker\Desktop\annual repor-testt.pdf
[2010/11/22 23:28:05 | 000,052,140 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2009-2.pdf
[2010/11/22 20:34:02 | 012,319,848 | ---- | M] () -- C:\Users\Moniker\Desktop\FN9980301-PI.ZIP

========== Files Created - No Company Name ==========

[2010/12/17 23:54:38 | 000,090,697 | ---- | C] () -- C:\Users\Moniker\Desktop\20091008---IMG_7734.jpg
[2010/12/17 23:41:07 | 000,094,361 | ---- | C] () -- C:\Users\Moniker\Desktop\20091009---IMG_7739.jpg
[2010/12/17 23:09:46 | 000,027,542 | ---- | C] () -- C:\Users\Moniker\Desktop\Travel Insurance Direct Australia Policy Certificate.pdf
[2010/12/17 20:13:30 | 000,000,162 | -H-- | C] () -- C:\Users\Moniker\Desktop\~$mories.doc
[2010/12/17 01:57:11 | 000,153,943 | ---- | C] () -- C:\Users\Moniker\Desktop\20090724 - IMG_7162.jpg
[2010/12/17 01:53:52 | 000,184,592 | ---- | C] () -- C:\Users\Moniker\Desktop\20080128 - IMG_1914.JPG
[2010/12/17 01:52:16 | 000,253,285 | ---- | C] () -- C:\Users\Moniker\Desktop\20080128 - IMG_1940.JPG
[2010/12/17 01:44:38 | 000,157,701 | ---- | C] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1252.jpg
[2010/12/17 01:43:57 | 000,194,035 | ---- | C] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1228.jpg
[2010/12/17 01:43:29 | 000,157,605 | ---- | C] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1229.jpg
[2010/12/17 01:43:03 | 000,148,994 | ---- | C] () -- C:\Users\Moniker\Desktop\20101023 - IMG_1248.jpg
[2010/12/17 01:37:14 | 001,444,704 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7267 Bowen Mountain (Custom).jpg
[2010/12/17 01:27:51 | 000,435,950 | ---- | C] () -- C:\Users\Moniker\Desktop\20100825 - IMG_1098.JPG
[2010/12/17 01:24:56 | 006,894,996 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7261 Bowen Mountain.jpg
[2010/12/17 01:22:38 | 000,459,789 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7403 Port Kembla (Custom).jpg
[2010/12/17 01:21:09 | 001,162,594 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7246 Bowen Mountain (Custom).jpg
[2010/12/17 01:14:52 | 000,364,711 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1712.JPG
[2010/12/17 01:14:51 | 000,250,684 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1701.JPG
[2010/12/17 01:13:16 | 000,883,967 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7390 Port Kembla (Custom).jpg
[2010/12/17 01:08:34 | 000,417,159 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7410 Port Kembla (Custom).jpg
[2010/12/17 00:59:41 | 000,674,447 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7322 Port Kembla (Custom).jpg
[2010/12/17 00:58:44 | 001,103,425 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7298 Port Kembla (Custom).jpg
[2010/12/14 21:57:59 | 000,002,048 | ---- | C] () -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au Prefs
[2010/12/14 21:57:31 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\PhotobookShop.com.au.lnk
[2010/12/14 21:43:07 | 119,809,041 | ---- | C] () -- C:\Users\Moniker\Desktop\PhotobookShopDesigner.exe
[2010/12/12 19:02:03 | 007,982,379 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2008.pdf
[2010/12/12 19:01:26 | 007,982,018 | ---- | C] () -- C:\Users\Moniker\Desktop\VCA_Annual_Report_2008.pdf
[2010/12/12 18:53:28 | 000,132,312 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr-w.pdf
[2010/12/12 18:47:31 | 002,393,989 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010-w.pdf
[2010/12/10 01:20:11 | 000,059,904 | ---- | C] () -- C:\Users\Moniker\Desktop\OIC - CV.doc
[2010/12/09 19:22:56 | 000,318,630 | ---- | C] () -- C:\Users\Moniker\Desktop\563.mp3
[2010/12/08 20:35:46 | 000,033,792 | ---- | C] () -- C:\Users\Moniker\Desktop\OIC - App.doc
[2010/12/08 11:42:56 | 000,061,014 | ---- | C] () -- C:\Users\Moniker\Desktop\cap.jpg
[2010/12/08 11:24:15 | 000,288,107 | ---- | C] () -- C:\Users\Moniker\Desktop\gmer.zip
[2010/12/08 11:06:29 | 000,000,000 | ---- | C] () -- C:\Users\Moniker\defogger_reenable
[2010/12/08 11:06:15 | 000,050,477 | ---- | C] () -- C:\Users\Moniker\Desktop\Defogger.exe
[2010/12/07 23:43:45 | 002,672,312 | ---- | C] () -- C:\Users\Moniker\Desktop\esetsmartinstaller_enu.exe
[2010/12/07 23:36:55 | 000,624,128 | ---- | C] () -- C:\Users\Moniker\Desktop\dds.scr
[2010/12/07 21:46:03 | 000,660,752 | ---- | C] () -- C:\Users\Moniker\Desktop\eXplorer.exe
[2010/12/07 21:43:42 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 21:16:17 | 000,792,064 | ---- | C] () -- C:\Users\Moniker\Desktop\Home Program - x (VN)(E).doc
[2010/12/03 22:10:09 | 000,028,160 | ---- | C] () -- C:\Users\Moniker\Desktop\Memories.doc
[2010/12/02 19:19:55 | 000,000,657 | ---- | C] () -- C:\Users\Moniker\Desktop\Bubble Shooter Premium Edition.lnk
[2010/12/02 19:19:20 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/11/29 23:27:59 | 000,048,128 | ---- | C] () -- C:\Users\Moniker\Desktop\Job Description.doc
[2010/11/29 22:47:16 | 001,415,369 | ---- | C] () -- C:\Users\Moniker\Desktop\20100306 - IMG_9948.JPG
[2010/11/29 21:08:27 | 000,137,592 | ---- | C] () -- C:\Users\Moniker\Desktop\monkey&chicken.jpg
[2010/11/29 21:01:16 | 000,023,837 | ---- | C] () -- C:\Users\Moniker\Desktop\chicken.jpg
[2010/11/29 20:38:18 | 000,239,552 | ---- | C] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9430.jpg
[2010/11/29 20:38:09 | 000,220,722 | ---- | C] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9198.jpg
[2010/11/29 20:24:20 | 002,901,096 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 - IMG_1363.JPG
[2010/11/29 20:10:44 | 000,763,746 | ---- | C] () -- C:\Users\Moniker\Desktop\20101122 - IMG_1400.JPG
[2010/11/29 19:55:42 | 001,831,366 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1587.JPG
[2010/11/29 19:55:41 | 002,819,692 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1583.JPG
[2010/11/29 19:55:39 | 002,153,736 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1579.JPG
[2010/11/29 19:55:38 | 001,281,092 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1577.JPG
[2010/11/29 19:55:37 | 001,375,106 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1575.JPG
[2010/11/29 18:02:42 | 000,193,536 | ---- | C] () -- C:\Users\Moniker\Desktop\info_pack_2010.doc
[2010/11/27 13:06:04 | 000,165,143 | ---- | C] () -- C:\Users\Moniker\Desktop\sigma2.jpg
[2010/11/27 13:05:13 | 000,197,952 | ---- | C] () -- C:\Users\Moniker\Desktop\sigma1.jpg
[2010/11/27 11:26:32 | 030,254,480 | ---- | C] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1548.tif
[2010/11/27 11:26:30 | 030,255,574 | ---- | C] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1544.tif
[2010/11/27 11:26:29 | 030,268,956 | ---- | C] () -- C:\Users\Moniker\Desktop\20101124 - IMG_1462.tif
[2010/11/24 13:37:33 | 024,955,749 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr2.pdf
[2010/11/24 13:36:49 | 024,955,344 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr.pdf
[2010/11/24 13:35:31 | 095,515,213 | ---- | C] () -- C:\Users\Moniker\Desktop\Backup_of_annual report covercdr.cdr
[2010/11/24 13:34:12 | 095,505,429 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr.cdr
[2010/11/24 12:22:53 | 025,471,274 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010 - Final for print.pdf
[2010/11/24 12:22:53 | 002,483,559 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010.pdf
[2010/11/23 16:55:25 | 000,032,085 | ---- | C] () -- C:\Users\Moniker\Desktop\919074250-1-1-OFFUAC.pdf
[2010/11/23 01:34:50 | 018,480,845 | ---- | C] () -- C:\Users\Moniker\Desktop\annual repor-testt.pdf
[2010/11/22 23:27:52 | 000,052,140 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2009-2.pdf
[2010/11/22 20:32:59 | 012,319,848 | ---- | C] () -- C:\Users\Moniker\Desktop\FN9980301-PI.ZIP
[2010/07/07 01:08:08 | 000,000,133 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/05 00:29:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 00:29:14 | 000,000,008 | RHS- | C] () -- C:\ProgramData\11921552D0.sys
[2010/04/03 12:05:15 | 000,004,608 | ---- | C] () -- C:\Users\Moniker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 22:22:31 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/29 22:57:03 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/29 22:26:50 | 000,000,760 | ---- | C] () -- C:\Users\Moniker\AppData\Roaming\setup_ldm.iss
[2009/12/29 01:33:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/29 00:51:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/01 04:18:26 | 000,050,360 | ---- | C] () -- C:\Windows\php.ini
[2009/09/30 08:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Files - Unicode (All) ==========
[2010/12/05 13:53:28 | 000,000,000 | ---D | M](C:\Users\Moniker\Desktop\T?p 01_files) -- C:\Users\Moniker\Desktop\Tập 01_files
[2010/12/05 13:53:27 | 000,047,493 | ---- | M] ()(C:\Users\Moniker\Desktop\T?p 01.htm) -- C:\Users\Moniker\Desktop\Tập 01.htm
[2010/12/05 13:53:27 | 000,000,000 | ---D | C](C:\Users\Moniker\Desktop\T?p 01_files) -- C:\Users\Moniker\Desktop\Tập 01_files
[2010/08/06 22:41:06 | 000,047,493 | ---- | C] ()(C:\Users\Moniker\Desktop\T?p 01.htm) -- C:\Users\Moniker\Desktop\Tập 01.htm
[2010/07/25 01:41:58 | 000,005,795 | ---- | M] ()(C:\Users\Moniker\Desktop\T?p 01 http.htm) -- C:\Users\Moniker\Desktop\Tập 01 http.htm
[2010/07/24 00:47:49 | 000,005,795 | ---- | C] ()(C:\Users\Moniker\Desktop\T?p 01 http.htm) -- C:\Users\Moniker\Desktop\Tập 01 http.htm

< End of report >



#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:08:35 AM

Posted 21 December 2010 - 02:40 PM

Hello moniker55 :)


I notice from your scan log that you have installed on your machine one or more peer-to-peer file sharing programs. Please follow these instructions to remove it: Click on Start > Control Panel > Programs and Features > Uninstall a program, then go down the list and choose the following:

  • uTorrent
Then choose Uninstall

We do not ask you to do this without reason.

P2P programs form a direct conduit into your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We may possibly be wasting our time in cleaning your machine if you continue to use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.

======

Click on Start > Control Panel > Programs and Features > Uninstall a Program. Go down the list and click on the following programs if they exist:

  • Adobe AIR
  • FlashGet 1.9.6.1073
  • PowerISO

Then, choose Uninstall for each.

Next, use Windows Explorer to navigate to the following folder:

D:\Spybot

Right-click on the folder, and choose Delete.

Reboot your computer.

======

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    PRC - [2010/12/17 18:15:03 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- D:\uTorrent\uTorrent.exe
    PRC - [2007/09/25 19:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- D:\FlashGet\flashget.exe 
    MOD - [2007/05/19 03:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- D:\FlashGet\fgmgr.dll
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (www.flashget.com)
    O8:64bit: - Extra context menu item: &Download All with FlashGet - D:\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - D:\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\JC_LINK.HTM ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    [2010/12/15 16:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/04/03 12:05:15 | 000,004,608 | ---- | C] () -- C:\Users\Moniker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/29 22:57:03 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
    O4 - HKU\.DEFAULT..\Run: [pnfengxg] C:\Windows\TEMP\hkuaqcuon\gujaplstsbl.exe File not found
    O4 - HKU\.DEFAULT..\Run: [Ptukewejogux] C:\Windows\SysWow64\config\systemprofile\AppData\Local\kbcevicp.DLL File not found
    O4 - HKU\S-1-5-18..\Run: [pnfengxg] C:\Windows\TEMP\hkuaqcuon\gujaplstsbl.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Ptukewejogux] C:\Windows\SysWow64\config\systemprofile\AppData\Local\kbcevicp.DLL File not found
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.


Best Regards,
oneof4.
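The entries this fix removes share two patterns worth checking for on any machine with unexplained search redirects: a proxy forced onto the built-in .DEFAULT and SYSTEM (S-1-5-18) hives that points at a loopback port, and Run-key autostarts whose target files no longer exist or live in temp directories. The Python below is an added example, not OTL's or the helper's code: it parses OTL-style log lines for exactly those patterns, using lines copied from this thread plus one constructed benign HKLM entry as sample input.

```python
"""Triage OTL log lines for a forced loopback proxy and orphaned Run-key autostarts.
Added example for this thread; not part of OTL. Parses OTL's own line formats."""
import re
from dataclasses import dataclass

# Constructed sample: proxy and O4 lines copied from the fix above, plus one
# benign HKLM Run entry (constructed; avgnt.exe is Avira's tray program).
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O4 - HKU\.DEFAULT..\Run: [pnfengxg] C:\Windows\TEMP\hkuaqcuon\gujaplstsbl.exe File not found
O4 - HKU\S-1-5-18..\Run: [Ptukewejogux] C:\Windows\SysWow64\config\systemprofile\AppData\Local\kbcevicp.DLL File not found
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
'''

# OTL "IE - HKU\<hive>\...\Internet Settings: "ProxyX" = value" lines.
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)
# OTL "O4 - <hive>..\Run: [name] target" lines; hive may be HKLM or HKU\<sid>.
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+?)?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$'
)
# Built-in account hives: nobody configures a browser proxy for SYSTEM by hand.
SYSTEM_HIVES = {r"HKU\.DEFAULT", r"HKU\S-1-5-18", r"HKU\S-1-5-19", r"HKU\S-1-5-20"}
LOOPBACK = ("127.0.0.1", "localhost", "[::1]")
SUSPECT_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\", "\\config\\systemprofile\\")


@dataclass(frozen=True)
class Finding:
    hive: str
    kind: str
    detail: str


def parse_proxy_settings(lines):
    """Group ProxyEnable/ProxyServer/ProxyOverride values by user hive."""
    per_hive = {}
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            per_hive.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return per_hive


def check_proxies(lines):
    """Flag an enabled proxy that points at the local machine (traffic interception),
    or any enabled proxy at all in a built-in system account's hive."""
    findings = []
    for hive, values in parse_proxy_settings(lines).items():
        server = values.get("ProxyServer", "")
        enabled = values.get("ProxyEnable") == "1"
        if enabled and any(addr in server for addr in LOOPBACK):
            findings.append(Finding(hive, "loopback-proxy", f"ProxyServer={server}"))
        elif enabled and hive in SYSTEM_HIVES:
            findings.append(Finding(hive, "system-hive-proxy", f"ProxyServer={server}"))
    return findings


def check_run_keys(lines):
    """Flag Run entries whose target is gone (OTL appends 'File not found') or
    that start something from a temp / systemprofile directory."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        target = m["target"]
        if target.endswith("File not found"):
            findings.append(Finding(m["hive"], "run-missing-target", f"[{m['name']}] {target}"))
        elif any(d in target.lower() for d in SUSPECT_DIRS):
            findings.append(Finding(m["hive"], "run-temp-location", f"[{m['name']}] {target}"))
    return findings


def triage(log_text):
    """Run both checks over a block of OTL log text and return all findings."""
    lines = log_text.splitlines()
    return check_proxies(lines) + check_run_keys(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.hive:14} {f.detail}")
```

A loopback proxy that comes back after OTL reports "value set successfully" is itself a signal: something still running is re-applying it, which is why the autostart entries matter as much as the proxy value.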


#7 moniker55

moniker55
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 December 2010 - 05:30 PM

Hi oneof4,

Report after running the fix:

========== OTL ==========
No active process named uTorrent.exe was found!
No active process named flashget.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
File D:\FlashGet\jccatch.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
File D:\FlashGet\getflash.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\ not found.
File D:\FlashGet\JC_ALL.HTM not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\ not found.
File D:\FlashGet\JC_LINK.HTM not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\ not found.
File D:\FlashGet\JC_ALL.HTM not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\ not found.
File D:\FlashGet\JC_LINK.HTM not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
File D:\FlashGet\flashget.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
File D:\FlashGet\flashget.exe not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\Moniker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\libem.INI moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\pnfengxg deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Ptukewejogux deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\pnfengxg not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Ptukewejogux not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12222010_092724

#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:08:35 AM

Posted 22 December 2010 - 06:13 PM

Hey moniker55 :santa:

Looking good! Now please perform the following:

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Next,

Update MBAM, and run a scan. Then include the scan results in your next reply.

Also,

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish

Things I need to see in your next reply:

  • OTL.txt
  • MBAM Log
  • ESET Results
  • How is your computer running now?


Best Regards,
oneof4.


#9 moniker55

moniker55
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 25 December 2010 - 02:07 AM

Hi oneof4,

Firstly, merry Christmas to you! Hope the holidays find you well.

Frustratingly, my computer has still been having the same symptoms, i.e. sometimes blue screens then restarts, searches re-direct, random pop-ups... I have some of the error messages from the BSOD if that helps.

ESET and MBAM are reporting no infections. Here is the OTL.txt:

OTL logfile created on: 23/12/2010 10:58:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Moniker\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 13.41 Gb Free Space | 22.93% Space Free | Partition Type: NTFS
Drive D: | 170.90 Gb Total Space | 2.30 Gb Free Space | 1.35% Space Free | Partition Type: NTFS
Drive E: | 702.02 Gb Total Space | 23.74 Gb Free Space | 3.38% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 10.04 Gb Free Space | 3.37% Space Free | Partition Type: NTFS

Computer Name: INTEL-I5 | User Name: Moniker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
PRC - [2010/12/12 11:33:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2010/12/09 18:13:03 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 18:24:35 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 18:24:35 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe
PRC - [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/06 05:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/04/09 11:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- D:\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 12:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 12:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/06/11 08:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2008/05/02 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- D:\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/30 20:43:47 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/12/09 18:13:03 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 18:24:35 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/30 20:41:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/06 05:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/09 11:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/11/24 21:44:03 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/10/10 09:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/24 01:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/21 03:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 19:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/29 03:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/02/01 20:19:43 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/02/08 05:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 75 1F C6 4B 9A CB 01 [binary data]
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{684BF74F-01F3-445B-B77D-A99E67C735E0}: C:\Windows\system32\config\systemprofile\AppData\Local\{684BF74F-01F3-445B-B77D-A99E67C735E0}\ [2010/12/03 16:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DB258BB9-3561-4709-B026-333B9A4E925F}: C:\Users\Moniker\AppData\Local\{DB258BB9-3561-4709-B026-333B9A4E925F}\ [2010/12/03 18:30:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: D:\Mozilla Firefox\components [2010/12/12 11:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010/12/12 11:33:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2010/07/15 00:06:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins

[2010/03/13 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions
[2010/03/13 15:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/04 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Moniker\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

O1 HOSTS File: ([2010/01/17 22:29:26 | 000,374,019 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 12886 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-2852138477-4021311692-3492553013-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb45a1cd-f3b5-11de-8727-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb45a1cd-f3b5-11de-8727-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 09:27:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/22 09:15:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/18 12:33:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
[2010/12/14 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Documents\PhotobookShop.com.au Projects
[2010/12/14 21:57:46 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au
[2010/12/12 11:37:57 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Moniker\Desktop\install_flash_player.exe
[2010/12/09 21:52:42 | 000,000,000 | ---D | C] -- C:\Users\Moniker\Desktop\oic
[2010/12/07 23:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/07 21:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/07 01:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/07 01:23:42 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Moniker\Desktop\SUPERAntiSpyware.exe
[2010/12/05 15:18:41 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Roaming\Malwarebytes
[2010/12/05 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/05 15:17:52 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/05 15:01:51 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Moniker\Desktop\tool.exe
[2010/12/03 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\Moniker\AppData\Local\{DB258BB9-3561-4709-B026-333B9A4E925F}
[2010/12/02 19:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Absolutist
[2010/12/02 19:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade

========== Files - Modified Within 30 Days ==========

[2010/12/23 22:53:50 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 22:53:50 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 22:52:52 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/23 22:52:52 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/23 22:52:52 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/23 22:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/23 22:48:52 | 000,038,912 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2010/12/23 22:48:52 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2010/12/23 22:48:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/23 22:48:49 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/12/23 22:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/23 22:48:21 | 3214,483,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/23 00:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852138477-4021311692-3492553013-1000UA.job
[2010/12/22 04:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852138477-4021311692-3492553013-1000Core.job
[2010/12/18 12:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moniker\Desktop\OTL.exe
[2010/12/17 23:09:46 | 000,027,542 | ---- | M] () -- C:\Users\Moniker\Desktop\Travel Insurance Direct Australia Policy Certificate.pdf
[2010/12/17 01:37:54 | 001,444,704 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7267 Bowen Mountain (Custom).jpg
[2010/12/17 01:27:34 | 006,894,996 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7261 Bowen Mountain.jpg
[2010/12/17 01:22:58 | 000,459,789 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7403 Port Kembla (Custom).jpg
[2010/12/17 01:21:49 | 001,162,594 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 D7246 Bowen Mountain (Custom).jpg
[2010/12/17 01:18:40 | 000,250,684 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1701.JPG
[2010/12/17 01:18:27 | 000,364,711 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1712.JPG
[2010/12/17 01:13:44 | 000,883,967 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7390 Port Kembla (Custom).jpg
[2010/12/17 01:08:53 | 000,417,159 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7410 Port Kembla (Custom).jpg
[2010/12/17 01:03:49 | 001,103,425 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7298 Port Kembla (Custom).jpg
[2010/12/17 01:03:49 | 000,674,447 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 D7322 Port Kembla (Custom).jpg
[2010/12/14 22:14:39 | 000,002,048 | ---- | M] () -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au Prefs
[2010/12/14 21:57:31 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\PhotobookShop.com.au.lnk
[2010/12/14 21:48:25 | 119,809,041 | ---- | M] () -- C:\Users\Moniker\Desktop\PhotobookShopDesigner.exe
[2010/12/13 08:35:00 | 000,028,160 | ---- | M] () -- C:\Users\Moniker\Desktop\Memories.doc
[2010/12/12 19:02:14 | 007,982,379 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2008.pdf
[2010/12/12 18:55:00 | 002,483,559 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010.pdf
[2010/12/12 18:53:28 | 000,132,312 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr-w.pdf
[2010/12/12 18:52:26 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/12 18:48:10 | 002,393,989 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010-w.pdf
[2010/12/12 11:37:58 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Moniker\Desktop\install_flash_player.exe
[2010/12/10 07:50:00 | 000,033,792 | ---- | M] () -- C:\Users\Moniker\Desktop\OIC - App.doc
[2010/12/10 02:27:56 | 000,059,904 | ---- | M] () -- C:\Users\Moniker\Desktop\OIC - CV.doc
[2010/12/09 19:22:56 | 000,318,630 | ---- | M] () -- C:\Users\Moniker\Desktop\563.mp3
[2010/12/08 11:43:00 | 000,061,014 | ---- | M] () -- C:\Users\Moniker\Desktop\cap.jpg
[2010/12/08 11:24:15 | 000,288,107 | ---- | M] () -- C:\Users\Moniker\Desktop\gmer.zip
[2010/12/08 11:06:29 | 000,000,000 | ---- | M] () -- C:\Users\Moniker\defogger_reenable
[2010/12/08 11:06:15 | 000,050,477 | ---- | M] () -- C:\Users\Moniker\Desktop\Defogger.exe
[2010/12/08 10:31:43 | 000,792,064 | ---- | M] () -- C:\Users\Moniker\Desktop\Home Program - x (VN)(E).doc
[2010/12/07 23:43:50 | 002,672,312 | ---- | M] () -- C:\Users\Moniker\Desktop\esetsmartinstaller_enu.exe
[2010/12/07 23:36:59 | 000,624,128 | ---- | M] () -- C:\Users\Moniker\Desktop\dds.scr
[2010/12/07 21:46:09 | 000,660,752 | ---- | M] () -- C:\Users\Moniker\Desktop\eXplorer.exe
[2010/12/07 21:43:42 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 01:24:27 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Moniker\Desktop\SUPERAntiSpyware.exe
[2010/12/05 15:02:36 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Moniker\Desktop\tool.exe
[2010/12/04 12:14:57 | 000,000,133 | ---- | M] () -- C:\Windows\WININIT.INI
[2010/12/02 19:19:55 | 000,000,657 | ---- | M] () -- C:\Users\Moniker\Desktop\Bubble Shooter Premium Edition.lnk
[2010/11/29 23:28:01 | 000,048,128 | ---- | M] () -- C:\Users\Moniker\Desktop\Job Description.doc
[2010/11/29 22:47:16 | 001,415,369 | ---- | M] () -- C:\Users\Moniker\Desktop\20100306 - IMG_9948.JPG
[2010/11/29 21:08:29 | 000,137,592 | ---- | M] () -- C:\Users\Moniker\Desktop\monkey&chicken.jpg
[2010/11/29 21:01:17 | 000,023,837 | ---- | M] () -- C:\Users\Moniker\Desktop\chicken.jpg
[2010/11/29 20:38:11 | 000,220,722 | ---- | M] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9198.jpg
[2010/11/29 20:24:20 | 002,901,096 | ---- | M] () -- C:\Users\Moniker\Desktop\20101114 - IMG_1363.JPG
[2010/11/29 20:10:44 | 000,763,746 | ---- | M] () -- C:\Users\Moniker\Desktop\20101122 - IMG_1400.JPG
[2010/11/29 19:55:43 | 001,831,366 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1587.JPG
[2010/11/29 19:55:41 | 002,819,692 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1583.JPG
[2010/11/29 19:55:39 | 002,153,736 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1579.JPG
[2010/11/29 19:55:38 | 001,281,092 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1577.JPG
[2010/11/29 19:55:37 | 001,375,106 | ---- | M] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1575.JPG
[2010/11/29 18:02:43 | 000,193,536 | ---- | M] () -- C:\Users\Moniker\Desktop\info_pack_2010.doc
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/27 13:06:06 | 000,165,143 | ---- | M] () -- C:\Users\Moniker\Desktop\sigma2.jpg
[2010/11/27 13:05:15 | 000,197,952 | ---- | M] () -- C:\Users\Moniker\Desktop\sigma1.jpg
[2010/11/27 11:26:32 | 030,254,480 | ---- | M] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1548.tif
[2010/11/27 11:26:30 | 030,268,956 | ---- | M] () -- C:\Users\Moniker\Desktop\20101124 - IMG_1462.tif
[2010/11/27 11:26:30 | 030,255,574 | ---- | M] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1544.tif
[2010/11/24 21:44:03 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/24 13:50:37 | 095,505,429 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr.cdr
[2010/11/24 13:37:39 | 024,955,749 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr2.pdf
[2010/11/24 13:36:55 | 024,955,344 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report covercdr.pdf
[2010/11/24 13:36:18 | 095,515,213 | ---- | M] () -- C:\Users\Moniker\Desktop\Backup_of_annual report covercdr.cdr
[2010/11/24 12:27:51 | 025,471,274 | ---- | M] () -- C:\Users\Moniker\Desktop\Annual Report 2010 - Final for print.pdf
[2010/11/24 12:26:38 | 017,182,720 | ---- | M] () -- C:\Users\Moniker\Desktop\annual report.indd

========== Files Created - No Company Name ==========

[2010/12/17 23:09:46 | 000,027,542 | ---- | C] () -- C:\Users\Moniker\Desktop\Travel Insurance Direct Australia Policy Certificate.pdf
[2010/12/17 01:37:14 | 001,444,704 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7267 Bowen Mountain (Custom).jpg
[2010/12/17 01:24:56 | 006,894,996 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7261 Bowen Mountain.jpg
[2010/12/17 01:22:38 | 000,459,789 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7403 Port Kembla (Custom).jpg
[2010/12/17 01:21:09 | 001,162,594 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 D7246 Bowen Mountain (Custom).jpg
[2010/12/17 01:14:52 | 000,364,711 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1712.JPG
[2010/12/17 01:14:51 | 000,250,684 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1701.JPG
[2010/12/17 01:13:16 | 000,883,967 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7390 Port Kembla (Custom).jpg
[2010/12/17 01:08:34 | 000,417,159 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7410 Port Kembla (Custom).jpg
[2010/12/17 00:59:41 | 000,674,447 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7322 Port Kembla (Custom).jpg
[2010/12/17 00:58:44 | 001,103,425 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 D7298 Port Kembla (Custom).jpg
[2010/12/14 21:57:59 | 000,002,048 | ---- | C] () -- C:\Users\Moniker\AppData\Roaming\PhotobookShop.com.au Prefs
[2010/12/14 21:57:31 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\PhotobookShop.com.au.lnk
[2010/12/14 21:43:07 | 119,809,041 | ---- | C] () -- C:\Users\Moniker\Desktop\PhotobookShopDesigner.exe
[2010/12/12 19:02:03 | 007,982,379 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2008.pdf
[2010/12/12 19:01:26 | 007,982,018 | ---- | C] () -- C:\Users\Moniker\Desktop\VCA_Annual_Report_2008.pdf
[2010/12/12 18:53:28 | 000,132,312 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr-w.pdf
[2010/12/12 18:47:31 | 002,393,989 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010-w.pdf
[2010/12/10 01:20:11 | 000,059,904 | ---- | C] () -- C:\Users\Moniker\Desktop\OIC - CV.doc
[2010/12/09 19:22:56 | 000,318,630 | ---- | C] () -- C:\Users\Moniker\Desktop\563.mp3
[2010/12/08 20:35:46 | 000,033,792 | ---- | C] () -- C:\Users\Moniker\Desktop\OIC - App.doc
[2010/12/08 11:42:56 | 000,061,014 | ---- | C] () -- C:\Users\Moniker\Desktop\cap.jpg
[2010/12/08 11:24:15 | 000,288,107 | ---- | C] () -- C:\Users\Moniker\Desktop\gmer.zip
[2010/12/08 11:06:29 | 000,000,000 | ---- | C] () -- C:\Users\Moniker\defogger_reenable
[2010/12/08 11:06:15 | 000,050,477 | ---- | C] () -- C:\Users\Moniker\Desktop\Defogger.exe
[2010/12/07 23:43:45 | 002,672,312 | ---- | C] () -- C:\Users\Moniker\Desktop\esetsmartinstaller_enu.exe
[2010/12/07 23:36:55 | 000,624,128 | ---- | C] () -- C:\Users\Moniker\Desktop\dds.scr
[2010/12/07 21:46:03 | 000,660,752 | ---- | C] () -- C:\Users\Moniker\Desktop\eXplorer.exe
[2010/12/07 21:43:42 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 21:16:17 | 000,792,064 | ---- | C] () -- C:\Users\Moniker\Desktop\Home Program - x (VN)(E).doc
[2010/12/03 22:10:09 | 000,028,160 | ---- | C] () -- C:\Users\Moniker\Desktop\Memories.doc
[2010/12/02 19:19:55 | 000,000,657 | ---- | C] () -- C:\Users\Moniker\Desktop\Bubble Shooter Premium Edition.lnk
[2010/11/29 23:27:59 | 000,048,128 | ---- | C] () -- C:\Users\Moniker\Desktop\Job Description.doc
[2010/11/29 22:47:16 | 001,415,369 | ---- | C] () -- C:\Users\Moniker\Desktop\20100306 - IMG_9948.JPG
[2010/11/29 21:08:27 | 000,137,592 | ---- | C] () -- C:\Users\Moniker\Desktop\monkey&chicken.jpg
[2010/11/29 21:01:16 | 000,023,837 | ---- | C] () -- C:\Users\Moniker\Desktop\chicken.jpg
[2010/11/29 20:38:09 | 000,220,722 | ---- | C] () -- C:\Users\Moniker\Desktop\20100220 - IMG_9198.jpg
[2010/11/29 20:24:20 | 002,901,096 | ---- | C] () -- C:\Users\Moniker\Desktop\20101114 - IMG_1363.JPG
[2010/11/29 20:10:44 | 000,763,746 | ---- | C] () -- C:\Users\Moniker\Desktop\20101122 - IMG_1400.JPG
[2010/11/29 19:55:42 | 001,831,366 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1587.JPG
[2010/11/29 19:55:41 | 002,819,692 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1583.JPG
[2010/11/29 19:55:39 | 002,153,736 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1579.JPG
[2010/11/29 19:55:38 | 001,281,092 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1577.JPG
[2010/11/29 19:55:37 | 001,375,106 | ---- | C] () -- C:\Users\Moniker\Desktop\20101128 - IMG_1575.JPG
[2010/11/29 18:02:42 | 000,193,536 | ---- | C] () -- C:\Users\Moniker\Desktop\info_pack_2010.doc
[2010/11/27 13:06:04 | 000,165,143 | ---- | C] () -- C:\Users\Moniker\Desktop\sigma2.jpg
[2010/11/27 13:05:13 | 000,197,952 | ---- | C] () -- C:\Users\Moniker\Desktop\sigma1.jpg
[2010/11/27 11:26:32 | 030,254,480 | ---- | C] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1548.tif
[2010/11/27 11:26:30 | 030,255,574 | ---- | C] () -- C:\Users\Moniker\Desktop\20101127 - IMG_1544.tif
[2010/11/27 11:26:29 | 030,268,956 | ---- | C] () -- C:\Users\Moniker\Desktop\20101124 - IMG_1462.tif
[2010/11/24 13:37:33 | 024,955,749 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr2.pdf
[2010/11/24 13:36:49 | 024,955,344 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr.pdf
[2010/11/24 13:35:31 | 095,515,213 | ---- | C] () -- C:\Users\Moniker\Desktop\Backup_of_annual report covercdr.cdr
[2010/11/24 13:34:12 | 095,505,429 | ---- | C] () -- C:\Users\Moniker\Desktop\annual report covercdr.cdr
[2010/11/24 12:22:53 | 025,471,274 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010 - Final for print.pdf
[2010/11/24 12:22:53 | 002,483,559 | ---- | C] () -- C:\Users\Moniker\Desktop\Annual Report 2010.pdf
[2010/07/07 01:08:08 | 000,000,133 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/05 00:29:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 00:29:14 | 000,000,008 | RHS- | C] () -- C:\ProgramData\11921552D0.sys
[2010/01/24 22:22:31 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/29 22:26:50 | 000,000,760 | ---- | C] () -- C:\Users\Moniker\AppData\Roaming\setup_ldm.iss
[2009/12/29 01:33:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/29 00:51:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/01 04:18:26 | 000,050,360 | ---- | C] () -- C:\Windows\php.ini
[2009/09/30 08:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Files - Unicode (All) ==========
[2010/12/05 13:53:28 | 000,000,000 | ---D | M](C:\Users\Moniker\Desktop\T?p 01_files) -- C:\Users\Moniker\Desktop\Tập 01_files
[2010/12/05 13:53:27 | 000,047,493 | ---- | M] ()(C:\Users\Moniker\Desktop\T?p 01.htm) -- C:\Users\Moniker\Desktop\Tập 01.htm
[2010/12/05 13:53:27 | 000,000,000 | ---D | C](C:\Users\Moniker\Desktop\T?p 01_files) -- C:\Users\Moniker\Desktop\Tập 01_files
[2010/08/06 22:41:06 | 000,047,493 | ---- | C] ()(C:\Users\Moniker\Desktop\T?p 01.htm) -- C:\Users\Moniker\Desktop\Tập 01.htm
[2010/07/25 01:41:58 | 000,005,795 | ---- | M] ()(C:\Users\Moniker\Desktop\T?p 01 http.htm) -- C:\Users\Moniker\Desktop\Tập 01 http.htm
[2010/07/24 00:47:49 | 000,005,795 | ---- | C] ()(C:\Users\Moniker\Desktop\T?p 01 http.htm) -- C:\Users\Moniker\Desktop\Tập 01 http.htm

< End of report >

#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:35 AM

Posted 25 December 2010 - 10:30 AM

Hello moniker55 :santa:

Merry Christmas to you as well!

I have some of the error messages from the BSOD if that helps.

Yes, by all means post those in a reply for me to research.

Best Regards,
oneof4.


#11 moniker55

moniker55
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:35 PM

Posted 25 December 2010 - 06:20 PM

Some error messages:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: a
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF80002EF6436
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

=====

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: c5
BCP1: 0000000000000008
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF800030000BF
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1



=====

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: a
BCP1: 0000000000000090
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF80002E8D995
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:35 AM

Posted 28 December 2010 - 03:31 PM

Hello moniker55 :)

I trust the holidays have been good to you? Let's resume fixing your computer:

Your internet proxy has been compromised again, please follow the instructions below:

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

If OTL did not ask you to reboot the computer, then please do so.

After the reboot, open Internet Explorer, then click on Tools > Internet Options > Connections > LAN Settings, ensure that Automatically detect settings is checked. Go ahead and check the box next to Use a proxy server for your LAN, then click on the Advanced button. If there are any values in the boxes under Proxy address to use or Port, then delete them. Also, make sure the box Use the same proxy server for all protocols is not checked. Click OK, then Yes to the warning about "Invalid Proxy Server". This should take you back to the LAN Settings screen, again make sure Automatically detect settings is checked. Click OK, then OK again.

======

Update and run MBAM.

======

Things I need to see in your next reply:

  • OTL.txt
  • Did you have to make changes to your LAN settings?
  • MBAM log
  • Are you still being redirected?

Best Regards,
oneof4.

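To check whether the proxy hijack described in the post above has come back after the fix, here is an added PowerShell audit (example code, not part of this thread or of OTL) that reads the same Internet Settings values under every loaded HKU hive and flags ProxyEnable = 1 combined with a loopback ProxyServer such as http=127.0.0.1:23012. It assumes an elevated session so that .DEFAULT and the service hives are readable; the function names Get-ProxyHijackFindings and Test-LoopbackProxy are this example's own.

```powershell
# Added example, not part of this thread or of OTL: audit the Internet Settings
# proxy values that the OTL fix above resets, across every loaded hive under HKU,
# and flag the pattern seen in this thread (ProxyEnable = 1 with a loopback
# ProxyServer such as http=127.0.0.1:23012). Run from an elevated prompt so
# that .DEFAULT and the service hives (S-1-5-18/19/20) are readable.

# HKU: is not mapped in a fresh session; map it once.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# True when a ProxyServer string points at the local machine. ProxyServer is
# either "host:port" or a per-protocol list "http=host:port;https=host:port".
function Test-LoopbackProxy {
    param([string]$ProxyServer)
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[::1\])(:\d+)?$') {
            return $true
        }
    }
    return $false
}

# One record per user hive (function name is this example's own, not OTL's).
function Get-ProxyHijackFindings {
    $findings = @()
    $hives = Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue |
             Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $keyPath = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $values   = Get-ItemProperty -LiteralPath $keyPath
        $enabled  = if ($null -ne $values.ProxyEnable) { [int]$values.ProxyEnable } else { 0 }
        $server   = [string]$values.ProxyServer
        $override = [string]$values.ProxyOverride

        $findings += [pscustomobject]@{
            Hive          = $hive.PSChildName
            ProxyEnable   = $enabled
            ProxyServer   = $server
            ProxyOverride = $override
            # The indicator from the OTL log: proxy switched on and aimed at loopback.
            Suspicious    = ($enabled -eq 1 -and (Test-LoopbackProxy $server))
        }
    }
    return $findings
}

$findings = Get-ProxyHijackFindings
$findings | Format-Table -AutoSize

$bad = @($findings | Where-Object { $_.Suspicious })
if ($bad.Count -gt 0) {
    $msg = "{0} hive(s) send browser traffic through a local proxy; compare with the " +
           "'IE - HKU\...ProxyServer' lines in the OTL log and re-run the fix." -f $bad.Count
    Write-Warning $msg
}
```

A clean machine shows ProxyEnable 0 and an empty ProxyServer in every hive; a hive that flips back to Suspicious after the fix is the sign that whatever rewrote the values is still running.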

#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:35 AM

Posted 02 January 2011 - 09:10 PM

Are you still with us?

Best Regards,
oneof4.


#14 moniker55

moniker55
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:35 PM

Posted 03 January 2011 - 06:38 PM

Sorry, the holiday season took me away from my computer for awhile.

Did all the things you listed above but problems still persisting (Google results still re-directing, random pop-ups etc.).
- I did not have to change any LAN settings
- MBAM log turning up no infections

I will copy the OTL log when I get back to the home computer later today.

#15 moniker55

moniker55
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:35 PM

Posted 04 January 2011 - 05:56 AM

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 01032011_192456

===

MBAM LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5447

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/01/2011 7:29:07 PM
mbam-log-2011-01-03 (19-29-07).txt

Scan type: Quick scan
Objects scanned: 160806
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



