Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PWS.LDPinchIE: Fraud.Sysguard: win32.autorun


  • This topic is locked This topic is locked
13 replies to this topic

#1 sahara74

sahara74

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 31 December 2010 - 12:52 AM

Hello,

I get the following 3 entries from a Spybot scan: PWS.LDPinchIE, Fraud.Sysguard and win32.autorun. Spybot cannot delete them during the cleaning process - only during reboot. Spybot completes another scan on reboot and they are gone, but they reappear soon after.


Symptoms include:
1. Usage of up to 1.5GB of memory immediately after reboot (I do try to keep my startup programs to a minimum)
2. McAfee real-time scanning is occasionally disabled - and I'm unable to enable it again (including when in safe mode with networking)
3. Sudden blue screens / shut downs
4. Sudden IE popups / advertising (which is strange because I hardly ever use IE)
5. Slow web browsing

(N.B. I may be unable to respond between 4 Jan and 24 Jan 2011, as I will be travelling in remote places. So please keep this open at least until then. I hope to take my laptop with me).

Here are my logs. Thanks in advance.

DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Hamish at 15:15:39.95 on Fri 31/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4076.2575 [GMT 10.5:30]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hamish\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\tbMess.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\tbMess.dll
mURLSearchHooks: H - No File
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\tbMess.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\tbMess.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Google Update] "C:\Users\Hamish\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DIMDownloading your update...1285781003180] "C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_610005\1285781003180\dim_params.xml" -Launch=3 -uibase="c:\users\hamish\appdata\roaming\corel\messages\540215253_610005\en\messagecache1\workflow"
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [RemoteControl8] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [PCMAgent] "C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe"
dRun: [mcexecwin] rundll32.exe C:\Windows\TEMP\q6zf27k.dll, RestoreWindows
dRun: [uiha98uiohf873yuiadnhgjesgregas] C:\Windows\TEMP\yq000.exe
dRun: [hsehf98u34i9tjioaugy987iuegdsg] C:\Windows\TEMP\services.exe
StartupFolder: C:\Users\Hamish\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTERV~1.LNK - C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BFE3E7C8-85C9-41AE-A030-8E703EF68BCE} = 139.130.4.4 203.50.2.71
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {EA0969B3-6E12-4AC0-B6C9-148E81247954} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hamish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: XULRunner: {8E5DB170-37D6-4FD6-983B-D7ECCABA359E} - C:\Windows\system32\config\systemprofile\AppData\Local\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}
FF - Ext: XULRunner: {6686734D-EEF0-4DB7-9BC7-404E5DC51C89} - C:\Users\Hamish\AppData\Local\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-2-1 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-2-1 283360]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-2-1 75032]
R1 MOBK742Filter;MOBK742Filter;C:\Windows\System32\drivers\MOBK742.sys [2010-9-28 66040]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-12-10 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-10 14904]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-8-4 246520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-2-1 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-2-1 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-2-1 149032]
R2 MOBK742backup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe [2010-6-30 207672]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2009-12-10 44312]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-10 60416]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-10 55808]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-6-18 434864]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2010-3-16 55016]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-10 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-2-1 62800]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-7-27 58880]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-2-1 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-2-1 441328]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-7-20 7058432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-5-1 81440]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S3 ERMLicSrv_ATL71;ERMLicSrv_ATL71;C:\Windows\SysWOW64\ERM\7.1\ERMLicSrv_ATL71.exe [2010-8-10 94208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-2-2 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-2-1 94864]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2010-1-28 283136]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-12-8 206848]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-6 1255736]

=============== Created Last 30 ================

2010-12-31 03:38:58 -------- d-----w- C:\SDFix
2010-12-28 02:00:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-28 02:00:39 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-26 10:12:38 -------- d-----w- C:\Users\Hamish\AppData\Local\Jaksta_Pty_Ltd
2010-12-26 09:58:39 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
2010-12-26 09:58:37 -------- d-----w- C:\Program Files\Applian Technologies
2010-12-22 16:23:55 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Malwarebytes
2010-12-22 16:23:50 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-22 16:23:50 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-22 16:23:47 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-22 16:23:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-15 07:40:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-15 07:40:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-15 07:40:05 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-12-15 07:40:05 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-12-15 07:40:05 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-12-15 07:40:05 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-12-15 07:40:05 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-12-15 07:40:05 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-12-15 07:40:05 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-12-15 07:40:05 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-12-15 07:40:04 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-12-15 07:40:04 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-12-10 04:59:35 34304 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
2010-12-10 04:59:21 -------- d-----w- C:\Program Files (x86)\Telstra
2010-12-10 04:58:40 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Sierra Wireless
2010-12-10 04:58:40 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc

==================== Find3M ====================

2010-11-12 08:23:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-13 11:58:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-13 11:58:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-13 11:58:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-13 11:58:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-13 11:58:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-13 11:58:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-13 11:58:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-13 11:58:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-13 11:58:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

============= FINISH: 15:17:15.35 ===============


GMER LOG


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-31 16:07:42
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d605ad
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d605ad@0026ff83ddf2 0x23 0xDB 0xF1 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d605ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d605ad@0026ff83ddf2 0x23 0xDB 0xF1 0xA2 ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 31 December 2010 - 07:19 AM

OK, I don't want to be alarmist, but I am getting alarmed. This is not an effort to bump.

I've just run extra Spybot, Malwarebytes and McAfee scans in safe mode (no networking) and uncovered more:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5426

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

31/12/2010 7:26:16 PM
mbam-log-2010-12-31 (19-26-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 392975
Time elapsed: 50 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Hamish\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MSJMNA43\install.48596[1].exe (Trojan.FraudPack.Gen) -> No action taken.
c:\Users\Hamish\AppData\Local\Temp\Mrq.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\Users\Hamish\AppData\Local\Temp\Mrs.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\Users\Hamish\documents\Software\replay media catcher 4.0.14\keygen\crd.exe (TheftMarker.Crude) -> No action taken.
c:\Users\Hamish\documents\Software\sony vegas pro 9.0e\Keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\Windows\Mtuzua.exe (Trojan.FraudPack.Gen) -> No action taken.


McAfee found 2 files as well, but the real-time protection was completely diabled in safe mode, and now I cant find the folder that should contain the scan results. Interestingly, the real-time scanning is working in normal mode as I type..

Spybot found other stuff too..Here it is:

--- Report generated: 2010-12-31 18:32 ---

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2222934153-465452855-2351853516-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Win32.FraudLoad.edt: [SBI $666C83D9] Data (File, fixed)
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.FraudLoad.edt: [SBI $1436A642] Data (File, fixed)
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2222934153-465452855-2351853516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

Right Media: Tracking cookie (Internet Explorer: Hamish) (Cookie, fixed)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
______________________________________________________________________


You will probably notice that the original trojans/viruses that I posted about were not detected. I now have no access to registry editor (I get a message of "Registry Editor has been Disabled by your Administrator") and Windows Task Manager is not selectable on the task bar (or by ctrl+shift+esc), and looks like its been hidden or deleted. I have downloaded/installed Process Explorer but can't see anything causing the problem.

I am now up to 1.8GB of memory getting utilized with nothing intensive being used...

I do recall that my hotmail was hijacked a month ago...there were lots of messages in my sent items that I didn't send. I changed my password though and I haven't had a problem since, but I presumed I was hacked into. Not sure if that has anything to do with it, but I thought I'd let you know just in case.

Very worried...

I think I'm on my last legs...please help

#3 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 31 December 2010 - 07:35 AM

OK, I just finished another malewarebytes scan and got this:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5426

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/12/2010 11:01:09 PM
mbam-log-2010-12-31 (23-01-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 394294
Time elapsed: 1 hour(s), 24 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Hamish\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SVN0MWO3\install.48596[1].exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Hamish\AppData\Local\Temp\install-0.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.


I now have task manger back, but it tells me I have to reboot. Rebooting now..

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:55 PM

Posted 07 January 2011 - 09:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 09 January 2011 - 08:10 PM

DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Hamish at 10:48:31.66 on Mon 10/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4076.2139 [GMT 10.5:30]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\system\taskmgr.exe
C:\Program Files\Windows Defender\system\taskmgr.exe
C:\Program Files\Windows Defender\system\taskmgr.exe
C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Telstra\Telstra Connection Manager\Watcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Hamish\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [<NO NAME>]
uRun: [Microsoft®Windows®OSManager] C:\MSOCache\taskeng.exe
uRun: [Microsoft®Windows®OperatingSystem] C:\Program Files\Windows Defender\system\taskmgr.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [WatcherHelper] "C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PlayMovie] "C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe"
mRun: [PCMAgent] "C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe"
mRun: [Microsoft®Windows®WindowsDefender] C:\Program Files\Windows Defender\system\taskmgr.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [mcexecwin] rundll32.exe C:\Windows\TEMP\q6zf27k.dll, RestoreWindows
dRun: [uiha98uiohf873yuiadnhgjesgregas] C:\Windows\TEMP\yq000.exe
dRun: [hsehf98u34i9tjioaugy987iuegdsg] C:\Windows\TEMP\services.exe
uExplorerRun: [WindowsDefenderPolicies] C:\Program Files\Windows Defender\system\taskmgr.exe
mExplorerRun: [WindowsDefenderPolicies] C:\Program Files\Windows Defender\system\taskmgr.exe
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BFE3E7C8-85C9-41AE-A030-8E703EF68BCE} = 139.130.4.4 203.50.2.71
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {K61WO004-P08Q-KPGB-XN42-8WJ2S025JWQ0} - C:\Program Files\Windows Defender\system\taskmgr.exe
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hamish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: XULRunner: {8E5DB170-37D6-4FD6-983B-D7ECCABA359E} - C:\Windows\system32\config\systemprofile\AppData\Local\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}
FF - Ext: XULRunner: {6686734D-EEF0-4DB7-9BC7-404E5DC51C89} - C:\Users\Hamish\AppData\Local\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-2-1 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-2-1 283360]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-2-1 75032]
R1 MOBK742Filter;MOBK742Filter;C:\Windows\System32\drivers\MOBK742.sys [2010-9-28 66040]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-12-10 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-10 14904]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-8-4 246520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-5 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-2-1 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-2-1 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-2-1 149032]
R2 MOBK742backup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe [2010-6-30 207672]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-10 60416]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-10 55808]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-10 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-2-1 62800]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-7-27 58880]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-2-1 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-2-1 441328]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-7-20 7058432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-5-1 81440]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2010-1-28 283136]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-12-8 206848]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S3 ERMLicSrv_ATL71;ERMLicSrv_ATL71;C:\Windows\SysWOW64\ERM\7.1\ERMLicSrv_ATL71.exe [2010-8-10 94208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-2-2 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-2-1 94864]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]

=============== Created Last 30 ================

2011-01-10 00:18:51 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{36D571EC-4C0E-4F1A-A952-261F0AD736A9}\mpengine.dll
2011-01-04 06:32:27 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-02 23:35:51 -------- d-----w- C:\Program Files (x86)\Palringo
2011-01-01 13:15:29 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-01-01 13:07:20 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Uniblue
2011-01-01 12:04:46 -------- d-----w- C:\Windows\pss
2011-01-01 03:49:14 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-01 03:18:45 -------- d-----w- C:\Users\Hamish\Tracing
2010-12-31 03:38:58 -------- d-----w- C:\SDFix
2010-12-28 02:00:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-28 02:00:39 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-26 10:12:38 -------- d-----w- C:\Users\Hamish\AppData\Local\Jaksta_Pty_Ltd
2010-12-26 09:58:39 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
2010-12-26 09:58:37 -------- d-----w- C:\Program Files\Applian Technologies
2010-12-22 16:23:55 -------- d-----w- C:\Users\Hamish\AppData\Roaming\Malwarebytes
2010-12-22 16:23:50 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-22 16:23:50 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-22 16:23:47 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-22 16:23:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-15 07:40:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-15 07:40:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-15 07:40:05 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-12-15 07:40:05 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-12-15 07:40:05 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-12-15 07:40:05 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-12-15 07:40:05 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-12-15 07:40:05 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-12-15 07:40:05 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-12-15 07:40:05 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-12-15 07:40:04 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-12-15 07:40:04 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

==================== Find3M ====================

2010-11-12 08:23:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-13 11:58:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-13 11:58:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-13 11:58:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-13 11:58:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-13 11:58:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-13 11:58:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-13 11:58:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-13 11:58:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-13 11:58:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

============= FINISH: 10:50:54.08 ===============

Attached Files

  • Attached File  Ark.txt   1.9KB   1 downloads


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 10 January 2011 - 02:36 PM

Hello sahara74,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


We need to get a little more information just to make sure we know what we are dealing with. Then we will get to cleaning your machine.


1.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

2.
Download Bootkit Remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose [/b]Select All[/b].
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

3.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply::
MBRcheck log
BootKit Remover log
OTL.txt
Extra.txt

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 10 January 2011 - 05:11 PM

1. MBR Check Log



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: M60J
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 225):
0x0320A000 \SystemRoot\system32\ntoskrnl.exe
0x037E6000 \SystemRoot\system32\hal.dll
0x00BC0000 \SystemRoot\system32\kdcom.dll
0x00CB3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF7000 \SystemRoot\system32\PSHED.dll
0x00D0B000 \SystemRoot\system32\CLFS.SYS
0x00E92000 \SystemRoot\system32\CI.dll
0x00F52000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01045000 \SystemRoot\System32\Drivers\spai.sys
0x0116B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01174000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x011A3000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0F000 \SystemRoot\system32\DRIVERS\pci.sys
0x01017000 \SystemRoot\System32\drivers\partmgr.sys
0x0102C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x01035000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E42000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D69000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E57000 \SystemRoot\system32\drivers\pciide.sys
0x00E5E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E6E000 \SystemRoot\System32\drivers\mountmgr.sys
0x01239000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01355000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0135E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01388000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01393000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0139E000 \SystemRoot\system32\drivers\fltmgr.sys
0x013EA000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C00000 \SystemRoot\system32\drivers\mfehidk.sys
0x01200000 \SystemRoot\System32\Drivers\AsDsm.sys
0x01403000 \SystemRoot\System32\Drivers\Ntfs.sys
0x016CF000 \SystemRoot\System32\Drivers\msrpc.sys
0x0172D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01747000 \SystemRoot\System32\Drivers\cng.sys
0x017BA000 \SystemRoot\System32\drivers\pcw.sys
0x017CB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018B9000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A03000 \SystemRoot\System32\drivers\tcpip.sys
0x019AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0188B000 \SystemRoot\system32\drivers\TDI.SYS
0x01898000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01644000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018A8000 \SystemRoot\System32\Drivers\spldr.sys
0x01690000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D5000 \SystemRoot\System32\Drivers\mup.sys
0x018B0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015A6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017E7000 \SystemRoot\system32\DRIVERS\disk.sys
0x00C7F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E2A000 \SystemRoot\system32\DRIVERS\MOBK742.sys
0x02E40000 \SystemRoot\System32\Drivers\Null.SYS
0x02E49000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E50000 \SystemRoot\System32\drivers\vga.sys
0x02E5E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02E83000 \SystemRoot\System32\drivers\watchdog.sys
0x02E93000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02E9C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02EA5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02EAE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0120D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04260000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042A5000 \SystemRoot\system32\drivers\afd.sys
0x0432F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04338000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0435E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04374000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x04385000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04394000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043AF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x043CE000 \SystemRoot\System32\drivers\discache.sys
0x0445D000 \SystemRoot\system32\drivers\csc.sys
0x044E0000 \SystemRoot\System32\Drivers\dfsc.sys
0x044FE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0450F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A7D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05586000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x046C3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x047B7000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04624000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04635000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0582F000 \SystemRoot\system32\DRIVERS\NETw1v64.sys
0x05EF6000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x05F16000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x05F2F000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
0x05F85000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x05FC3000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x05FD6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05588000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05FF4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05800000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0580F000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x05817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05826000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0468B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05FF6000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x046A1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x055D1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x046B1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A53000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04535000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04556000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04A6E000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04570000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x05FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x045AD000 \SystemRoot\system32\DRIVERS\ks.sys
0x055E7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04400000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x043DD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x00DC5000 \SystemRoot\system32\drivers\nvhda64v.sys
0x08489000 \SystemRoot\system32\drivers\portcls.sys
0x084C6000 \SystemRoot\system32\drivers\drmk.sys
0x084E8000 \SystemRoot\system32\drivers\ksthunk.sys
0x0860D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x084EE000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0851B000 \SystemRoot\system32\drivers\mfefirek.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x08600000 \SystemRoot\System32\drivers\Dxapi.sys
0x08585000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02EB9000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x08593000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x085A6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02839000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x02800000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x02811000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x0281A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x085C3000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x02A0E000 \SystemRoot\System32\Drivers\bthport.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x02ADC000 \SystemRoot\system32\drivers\luafv.sys
0x02AFF000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B20000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x02B4C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x02B5C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x02B7C000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x02B93000 \SystemRoot\system32\drivers\modem.sys
0x08400000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x03E20000 \SystemRoot\system32\drivers\btwaudio.sys
0x03EA6000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x03EB2000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x03EB6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03ECF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00650000 \SystemRoot\System32\cdd.dll
0x03ED8000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x03EE9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x03F1A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03F35000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03F4A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03F9D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03FB0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03FC8000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x03FCF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03FDD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02BA2000 \SystemRoot\system32\DRIVERS\swumxa3.sys
0x08078000 \SystemRoot\system32\DRIVERS\swnc8ua3.sys
0x080CA000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x080D1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08107000 \SystemRoot\system32\drivers\HTTP.sys
0x081CF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08000000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08018000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08C83000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08CD1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08CF4000 \SystemRoot\system32\drivers\npf.sys
0x08D03000 \SystemRoot\system32\drivers\peauth.sys
0x08DA9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08DB4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08DE1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x098B0000 \SystemRoot\System32\DRIVERS\srv.sys
0x09946000 \SystemRoot\system32\drivers\cfwids.sys
0x09954000 \SystemRoot\system32\drivers\mfeapfk.sys
0x76FB0000 \Windows\System32\ntdll.dll
0x47910000 \Windows\System32\smss.exe
0xFF2D0000 \Windows\System32\apisetschema.dll
0xFFC60000 \Windows\System32\autochk.exe
0xFF220000 \Windows\System32\comdlg32.dll
0xFF210000 \Windows\System32\lpk.dll
0x76EB0000 \Windows\System32\user32.dll
0x76D90000 \Windows\System32\kernel32.dll
0xFF1C0000 \Windows\System32\ws2_32.dll
0x77180000 \Windows\System32\normaliz.dll
0xFEFB0000 \Windows\System32\ole32.dll
0xFEED0000 \Windows\System32\advapi32.dll
0xFEE00000 \Windows\System32\usp10.dll
0xFEC80000 \Windows\System32\urlmon.dll
0xFEC30000 \Windows\System32\Wldap32.dll
0xFEB20000 \Windows\System32\msctf.dll
0xFEA40000 \Windows\System32\oleaut32.dll
0xFDCB0000 \Windows\System32\shell32.dll
0xFDC30000 \Windows\System32\difxapi.dll
0xFDB90000 \Windows\System32\clbcatq.dll
0xFDA60000 \Windows\System32\rpcrt4.dll
0xFD9C0000 \Windows\System32\msvcrt.dll
0xFD9B0000 \Windows\System32\nsi.dll
0xFD990000 \Windows\System32\sechost.dll
0xFD920000 \Windows\System32\gdi32.dll
0xFD900000 \Windows\System32\imagehlp.dll
0xFD880000 \Windows\System32\shlwapi.dll
0xFD850000 \Windows\System32\imm32.dll
0xFD670000 \Windows\System32\setupapi.dll
0x77170000 \Windows\System32\psapi.dll
0xFD540000 \Windows\System32\wininet.dll
0xFD2E0000 \Windows\System32\iertutil.dll
0xFD270000 \Windows\System32\KernelBase.dll
0xFD1D0000 \Windows\System32\comctl32.dll
0xFD190000 \Windows\System32\cfgmgr32.dll
0xFD170000 \Windows\System32\devobj.dll
0xFD130000 \Windows\System32\wintrust.dll
0xFCFC0000 \Windows\System32\crypt32.dll
0xFCFB0000 \Windows\System32\msasn1.dll
0x75940000 \Windows\SysWOW64\normaliz.dll

Processes (total 103):
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
672 csrss.exe
752 C:\Windows\System32\wininit.exe
772 csrss.exe
808 C:\Windows\System32\services.exe
828 C:\Windows\System32\lsass.exe
836 C:\Windows\System32\lsm.exe
948 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\nvvsvc.exe
156 C:\Windows\System32\svchost.exe
648 C:\Windows\System32\svchost.exe
676 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1264 WUDFHost.exe
1328 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1360 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\winlogon.exe
1604 C:\Windows\System32\FBAgent.exe
1832 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1852 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1916 C:\Windows\System32\nvvsvc.exe
1968 C:\Windows\System32\spoolsv.exe
1200 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2124 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2160 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2192 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2220 C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
2240 C:\Windows\System32\rundll32.exe
2256 C:\Windows\SysWOW64\rundll32.exe
2276 C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
2332 C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
2412 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2436 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2472 C:\Windows\System32\svchost.exe
2516 C:\Program Files (x86)\Xobni\XobniService.exe
2692 C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe
2756 C:\Windows\System32\taskeng.exe
2792 C:\Windows\System32\dwm.exe
2816 C:\Windows\explorer.exe
2828 C:\Windows\System32\taskhost.exe
2876 C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
2948 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2960 C:\Program Files\P4G\BatteryLife.exe
2972 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2984 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2996 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
3008 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
3056 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2104 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2716 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3284 C:\Windows\SysWOW64\ACEngSvr.exe
3516 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
3920 C:\Windows\System32\svchost.exe
3948 WUDFHost.exe
3088 C:\Windows\System32\svchost.exe
3584 C:\Windows\System32\svchost.exe
4364 C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
4396 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4520 WmiPrvSE.exe
4588 C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
4696 C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
4704 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4712 C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
4752 C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
4780 C:\Windows\SysWOW64\explorer.exe
4808 C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
4848 C:\Program Files\McAfee.com\Agent\mcagent.exe
4856 C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
4876 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4884 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
4972 C:\Windows\System32\SearchIndexer.exe
5000 C:\Program Files (x86)\Telstra\Telstra Connection Manager\Watcher.exe
5148 C:\Windows\SysWOW64\explorer.exe
4136 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
4172 C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe
1708 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
4920 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
5428 C:\Windows\System32\taskmgr.exe
7156 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
7164 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
6084 C:\Windows\AsScrPro.exe
5820 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
6180 C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
6220 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
5900 C:\Windows\System32\svchost.exe
2180 C:\Program Files\Windows Media Player\wmpnetwk.exe
196 WmiPrvSE.exe
5072 C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
1340 C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
4388 C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
5288 C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
2936 WmiPrvSE.exe
6412 C:\Windows\System32\SearchProtocolHost.exe
6532 C:\Windows\System32\SearchFilterHost.exe
2488 C:\Windows\System32\audiodg.exe
4000 dllhost.exe
6668 dllhost.exe
2532 C:\Users\Hamish\Desktop\MBRCheck.exe
1348 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`c56a2e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1
PhysicalDrive1 Model Number: SeagatePortable, Rev: 0130
PhysicalDrive2 Model Number: SeagateFreeAgent Go, Rev: 100F

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E
149 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
-----------------------------------------------------------------------------



2. Bootkit Remover Log:

Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 64-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...

---------------------------------------------------------


3. OTL.txt



OTL logfile created on: 1/11/2011 7:47:31 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hamish\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 22.58 Gb Free Space | 19.39% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 322.75 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 941.73 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive H: | 298.09 Gb Total Space | 202.67 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive I: | 149.05 Gb Total Space | 9.69 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: ADMIN | User Name: Hamish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
PRC - [2011/01/06 14:37:45 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/15 13:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/03/03 09:08:54 | 001,176,944 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\Watcher.exe
PRC - [2010/02/25 21:14:36 | 000,210,288 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe
PRC - [2010/02/14 01:42:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/25 15:45:36 | 000,562,544 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/12/10 23:43:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/31 16:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2009/09/25 13:59:10 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
PRC - [2009/09/25 08:20:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/05 09:54:52 | 001,600,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/14 08:47:02 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/14 08:46:46 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2009/08/13 08:50:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/07 07:03:10 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 11:44:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/07/08 05:50:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/25 07:00:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/20 04:59:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 04:59:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 10:28:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/21 05:39:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/16 18:22:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
PRC - [2008/12/23 11:45:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/12/01 05:50:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
MOD - [2010/08/21 15:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 15:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/18 06:06:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/07 08:47:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 13:24:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/06/30 05:14:04 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe -- (MOBK742backup)
SRV - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/01/15 23:19:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/21 04:49:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/15 11:33:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006/05/17 00:08:16 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\ERM\7.1\ERMLicSrv_ATL71.exe -- (ERMLicSrv_ATL71)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iviaspi.sys -- (Iviaspi)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/06/30 05:13:56 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK742.sys -- (MOBK742Filter)
DRV:64bit: - [2010/02/02 16:33:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 14:45:24 | 000,283,136 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/12/08 14:03:02 | 000,206,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/10/21 04:49:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/08/07 08:47:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/27 17:34:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 20:18:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/20 19:59:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/20 18:03:41 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:01:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/05 13:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/03 03:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 15:16:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:16:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:16:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/20 12:39:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/18 06:32:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/11 07:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:05:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 20:46:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 11:37:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 00:13:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/07 18:03:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/15 07:50:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/05/24 11:57:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/25 05:41:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2003/09/11 15:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\iviaspi.sys -- (Iviaspi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8E5DB170-37D6-4FD6-983B-D7ECCABA359E}:1.9.1
FF - prefs.js..extensions.enabledItems: {6686734D-EEF0-4DB7-9BC7-404E5DC51C89}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}: C:\Windows\system32\config\systemprofile\AppData\Local\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}\ [2010/07/14 07:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}: C:\Users\Hamish\AppData\Local\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89} [2010/07/14 20:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/12/15 10:20:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 18:02:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/23 12:48:33 | 000,000,000 | ---D | M]

[2010/03/14 01:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Extensions
[2010/12/31 14:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions
[2010/11/19 16:59:23 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/09/05 01:38:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/15 00:42:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/04 13:04:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/29 20:07:31 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
[2010/12/30 21:05:01 | 000,001,056 | ---- | M] () -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\searchplugins\icqplugin.xml
[2010/12/31 13:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/13 15:37:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 09:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 11:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/25 00:02:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/15 10:20:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/07/14 20:18:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HAMISH\APPDATA\LOCAL\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}
[2010/07/14 07:02:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 03:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/08/04 17:32:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/12/31 14:46:19 | 000,428,504 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 applian.securesites.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14750 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft®Windows®WindowsDefender] C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Microsoft®Windows®OperatingSystem] C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft®Windows®OSManager] C:\MSOCache\taskeng.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WindowsDefenderPolicies = C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WindowsDefenderPolicies = C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 17:31:46 | 000,000,113 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7170f2b2-0413-11e0-9fc5-002243d605ad}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 07:46:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/10 22:28:13 | 000,000,000 | R--D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
[2011/01/10 22:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/01/10 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Desktop\gmer
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2011/01/02 17:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
[2011/01/01 23:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/01/01 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/01/01 23:37:20 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 22:34:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/01 20:06:48 | 001,047,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Tracing
[2010/12/31 23:01:41 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Desktop\backups
[2010/12/31 21:41:47 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp.exe
[2010/12/31 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Desktop\Installer
[2010/12/31 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/12/31 14:08:58 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/12/31 13:32:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/30 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Apple Computer
[2010/12/28 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/26 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Documents\My Streaming Media
[2010/12/26 20:42:38 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Local\Jaksta_Pty_Ltd
[2010/12/26 20:28:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/26 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2010/12/23 02:53:55 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Malwarebytes
[2010/12/23 02:53:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/23 02:53:47 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/23 02:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/13 22:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010/12/13 22:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/11 07:51:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/11 07:46:18 | 000,114,411 | -H-- | M] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat
[2011/01/11 07:42:42 | 000,039,605 | ---- | M] () -- C:\Users\Hamish\Desktop\bootkit_remover.rar
[2011/01/11 07:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/11 06:55:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000UA.job
[2011/01/11 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/11 02:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000Core.job
[2011/01/10 22:35:08 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 22:35:08 | 000,010,256 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 22:28:04 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/01/10 22:27:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 22:27:52 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/01/10 22:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 22:27:28 | 3205,668,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 10:58:19 | 000,288,107 | ---- | M] () -- C:\Users\Hamish\Desktop\gmer.zip
[2011/01/03 19:50:13 | 003,845,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/03 19:50:13 | 000,699,356 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/01/03 19:50:13 | 000,685,440 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011/01/03 19:50:13 | 000,669,826 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/01/03 19:50:13 | 000,622,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/03 19:50:13 | 000,617,114 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2011/01/03 19:50:13 | 000,138,772 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/01/03 19:50:13 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011/01/03 19:50:13 | 000,129,990 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/01/03 19:50:13 | 000,123,268 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2011/01/03 19:50:13 | 000,108,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/02 19:07:07 | 000,008,335 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 19:06:20 | 000,011,878 | ---- | M] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 19:06:09 | 000,007,967 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:55:14 | 000,000,542 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:42:12 | 000,040,432 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:22:04 | 000,035,328 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/02 11:28:34 | 002,486,987 | ---- | M] () -- C:\Users\Hamish\Desktop\Trip to central Australia.rar
[2011/01/02 11:15:27 | 000,002,360 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/01/01 23:45:31 | 000,001,110 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2011/01/01 23:45:31 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2011/01/01 22:51:32 | 000,007,628 | ---- | M] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2011/01/01 20:06:48 | 001,047,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 19:27:07 | 000,428,446 | ---- | M] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:59 | 000,005,832 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:33 | 000,017,152 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 15:14:30 | 000,624,128 | ---- | M] () -- C:\Users\Hamish\Desktop\dds.scr
[2010/12/31 14:55:46 | 000,032,582 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/31 14:46:19 | 000,428,504 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/31 13:32:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/31 12:50:24 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-144619.backup
[2010/12/30 10:25:36 | 007,227,845 | ---- | M] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 13:16:29 | 000,001,897 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/12/28 12:38:35 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-125024.backup
[2010/12/28 12:30:45 | 000,001,284 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | M] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:47 | 000,449,917 | ---- | M] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101228-123835.backup
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/23 02:53:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 20:58:41 | 000,011,831 | ---- | M] () -- C:\Users\Hamish\Desktop\Houseboat payment.docx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 07:37:01 | 000,507,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/15 17:32:46 | 000,645,632 | ---- | M] () -- C:\Users\Hamish\Desktop\Afghanevents1.xls
[2010/12/13 22:58:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/13 14:18:24 | 000,093,337 | ---- | M] () -- C:\Users\Hamish\Desktop\Resume Sarah Marie 2010.docx
[2010/12/12 17:59:41 | 000,190,976 | ---- | M] () -- C:\Users\Hamish\Desktop\Feb_2009-Hamish_Freeman_CV.doc
[2010/12/12 15:13:13 | 000,090,998 | ---- | M] () -- C:\Users\Hamish\Documents\Resume 2010.docx

========== Files Created - No Company Name ==========

[2011/01/11 07:42:44 | 000,039,605 | ---- | C] () -- C:\Users\Hamish\Desktop\bootkit_remover.rar
[2011/01/11 07:39:18 | 000,080,384 | ---- | C] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/10 10:58:14 | 000,288,107 | ---- | C] () -- C:\Users\Hamish\Desktop\gmer.zip
[2011/01/02 19:06:20 | 000,011,878 | ---- | C] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 17:55:38 | 000,007,967 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:50:07 | 000,000,542 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:27:19 | 000,040,432 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:25:52 | 000,008,335 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 03:42:04 | 000,035,328 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/01 23:45:36 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/01/01 23:45:31 | 000,001,110 | ---- | C] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2011/01/01 23:45:31 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2011/01/01 19:27:07 | 000,428,446 | ---- | C] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:56 | 000,005,832 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:31 | 000,017,152 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 15:28:44 | 000,296,448 | ---- | C] () -- C:\Users\Hamish\Desktop\gmer.exe
[2010/12/31 15:14:23 | 000,624,128 | ---- | C] () -- C:\Users\Hamish\Desktop\dds.scr
[2010/12/31 14:55:42 | 000,032,582 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/30 10:25:34 | 007,227,845 | ---- | C] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 12:30:45 | 000,001,284 | ---- | C] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | C] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:46 | 000,449,917 | ---- | C] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | C] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/23 02:53:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 20:58:41 | 000,011,831 | ---- | C] () -- C:\Users\Hamish\Desktop\Houseboat payment.docx
[2010/12/15 17:32:47 | 000,645,632 | ---- | C] () -- C:\Users\Hamish\Desktop\Afghanevents1.xls
[2010/12/12 17:59:40 | 000,190,976 | ---- | C] () -- C:\Users\Hamish\Desktop\Feb_2009-Hamish_Freeman_CV.doc
[2010/12/12 16:48:16 | 000,093,337 | ---- | C] () -- C:\Users\Hamish\Desktop\Resume Sarah Marie 2010.docx
[2010/12/12 15:13:08 | 000,090,998 | ---- | C] () -- C:\Users\Hamish\Documents\Resume 2010.docx
[2010/09/22 20:36:43 | 000,000,032 | ---- | C] () -- C:\Users\Hamish\AppData\Local\xobni_installer_updater.log
[2010/08/21 18:28:49 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/08/21 18:27:37 | 000,001,024 | -HS- | C] () -- C:\ProgramData\dwg2pdf.dll
[2010/08/05 18:40:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010/07/16 17:56:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/07/14 20:18:26 | 000,000,120 | ---- | C] () -- C:\Users\Hamish\AppData\Local\Aroyuvuroviloxe.dat
[2010/07/14 20:18:26 | 000,000,000 | ---- | C] () -- C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin
[2010/04/15 01:19:28 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/04/15 01:19:28 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/04/15 01:19:28 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/04/15 01:19:27 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/04/15 01:18:45 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\cddvdint.dll
[2010/03/04 22:55:59 | 000,007,628 | ---- | C] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2010/02/14 01:30:26 | 003,870,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/02 17:05:44 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/02/02 17:05:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/02/02 16:57:33 | 000,003,584 | ---- | C] () -- C:\Users\Hamish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 16:43:57 | 000,000,540 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/02/01 19:16:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/10 23:43:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/10 23:22:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/10 23:07:00 | 000,000,108 | ---- | C] () -- C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2009/12/10 22:56:20 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/10 22:55:58 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/10/21 04:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/19 19:03:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 16:31:09 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 10:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/02 13:02:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/02/29 03:23:09 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\TAGDLL.dll
[2005/07/17 20:56:34 | 000,114,411 | -H-- | C] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat

========== LOP Check ==========

[2010/03/04 23:33:27 | 000,000,000 | -HSD | M] -- C:\Users\Hamish\AppData\Roaming\.#
[2010/02/01 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Asus WebStorage
[2010/04/15 10:39:37 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ASUSTek
[2011/01/05 00:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\BitTorrent
[2010/09/11 17:39:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\com.adobe.example.nowplaying.CB47D98EFACE64EC32AB956F069921E47BEB7894.1
[2010/12/20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Free Audio Editor
[2010/03/04 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GameConsole
[2010/11/19 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GetRightToGo
[2010/02/11 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\IcoFX
[2010/08/05 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ICQ
[2010/04/15 01:22:46 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\InterVideo
[2010/11/19 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Jaksta
[2010/02/01 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\PowerCinema
[2010/02/01 21:44:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Publish Providers
[2010/12/31 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\QuickScan
[2010/12/26 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/10 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sierra Wireless
[2010/09/04 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sony
[2011/01/01 23:38:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Utherverse
[2010/07/14 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft
[2010/02/11 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft Corporation
[2011/01/11 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/10 22:27:52 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/01/01 22:21:26 | 000,032,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 12:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_9071cf01e963be0e\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 12:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 12:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

-----------------------------------------------


4. Extras.txt



OTL Extras logfile created on: 1/11/2011 7:47:31 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hamish\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 22.58 Gb Free Space | 19.39% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 322.75 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 941.73 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive H: | 298.09 Gb Total Space | 202.67 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive I: | 149.05 Gb Total Space | 9.69 Gb Free Space | 6.50% Space Free | Partition Type: NTFS

Computer Name: ADMIN | User Name: Hamish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6AF3B80B-6689-EAFA-F2CA-4D10CC7EBEF9}" = McAfee Online Backup
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0401-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Arabic) 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{90120000-002A-041E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Thai) 2007
"{90120000-002A-041F-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Turkish) 2007
"{90120000-002A-0804-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C04-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Asus WebStorage" = Asus WebStorage
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.05.02.02
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{254A8670-1410-4E40-925B-2225DEC12E5F}" = UtherCloset
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 23
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = ASUSTek ASUSDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1" = MagicCamera 6.8.0
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75CED681-7B72-FED6-BAB4-07A3C60EB071}" = Now Playing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_HOMESTUDENTR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_HOMESTUDENTR_{0ED7C31A-FB21-4F8E-BD16-921A5E69B2C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_HOMESTUDENTR_{CB71F1CB-4CC3-47DE-B003-40413E64FE10}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_HOMESTUDENTR_{82E853AD-6911-4EA9-9EB0-2F9BE7747878}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_HOMESTUDENTR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-1000-0000000FF1CE}_HOMESTUDENTR_{1252D255-DB26-4F85-9F0F-D59B9DFE339E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_HOMESTUDENTR_{4029CB10-E410-41AD-BB3F-052C95243407}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-1000-0000000FF1CE}_HOMESTUDENTR_{B45C4BDA-CDBB-4D65-8970-6ABB35BE81B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0401-1000-0000000FF1CE}_HOMESTUDENTR_{C1547C6B-A758-4270-964E-4EE8D323C99D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0404-1000-0000000FF1CE}_HOMESTUDENTR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0416-1000-0000000FF1CE}_HOMESTUDENTR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-041E-1000-0000000FF1CE}_HOMESTUDENTR_{CEB4C8D4-2A39-45FD-B201-FBC950549C59}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-041F-1000-0000000FF1CE}_HOMESTUDENTR_{5BAE8A52-83CD-4A7B-90B0-5EFB57FD78C8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0804-1000-0000000FF1CE}_HOMESTUDENTR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_HOMESTUDENTR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C04-1000-0000000FF1CE}_HOMESTUDENTR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_HOMESTUDENTR_{C1547C6B-A758-4270-964E-4EE8D323C99D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_HOMESTUDENTR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_HOMESTUDENTR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_HOMESTUDENTR_{CEB4C8D4-2A39-45FD-B201-FBC950549C59}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_HOMESTUDENTR_{5BAE8A52-83CD-4A7B-90B0-5EFB57FD78C8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_HOMESTUDENTR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_HOMESTUDENTR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0401-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Arabic) 2007
"{90120000-00A1-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0404-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
"{90120000-00A1-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Thai) 2007
"{90120000-00A1-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041F-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Turkish) 2007
"{90120000-00A1-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0804-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
"{90120000-00A1-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C04-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
"{90120000-00A1-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5F1D23A-5282-467D-B0DA-B0D6F661D587}" = SAGEM F@st 1201
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E731DD1E-A679-4DB0-A6CE-94C388517293}" = Telstra Connection Manager
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aimersoft Audio Converter_is1" = Aimersoft Audio Converter(Build 1.2.1)
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 1.1.53)
"Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 1.2.1)
"Aimersoft DVD Studio Pack_is1" = Aimersoft DVD Studio Pack(Build 1.2.1)
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 1.2.1)
"Applian Director2.0" = Applian Director
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"BitTorrent" = BitTorrent
"CodInstl" = Intel A/V Codecs V2.0
"conduitEngine" = Conduit Engine
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Digsby" = Digsby
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ER Mapper 7.1" = ER Mapper 7.1
"Flv Recorder_is1" = FlvRecorder
"Free Audio Editor" = Free Audio Editor
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"GIF to AVI SWF Converter" = GIF to AVI SWF Converter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IcoFX_is1" = IcoFX 1.6.4
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = ASUSTek ASUSDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InterActual Player" = InterActual Player
"Joboshare DVD Creator" = Joboshare DVD Creator
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee Internet Security
"Palringo" = Palringo
"PROR" = Microsoft Office Professional 2007
"Red Light Center 3D Client" = Red Light Center 3D Client
"Replay Media Catcher2.30" = Replay Media Catcher
"Replay Video Capture3.1B" = Replay Video Capture
"rFactor" = rFactor (remove only)
"SopCast" = SopCast 3.2.8
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WM Recorder 12.0" = WM Recorder 12.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 10 January 2011 - 07:09 PM

Hello,


I don't see any signs of malware in your logs. Just a bunch of blank entries and leftover stuff.
Are you still seeing signs of malware?

1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O4 - HKCU..\Run: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WindowsDefenderPolicies = C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WindowsDefenderPolicies = C:\Program Files\Windows Defender\system\taskmgr.exe (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{7170f2b2-0413-11e0-9fc5-002243d605ad}\Shell - "" = AutoRun
    
    :files
    C:\Windows\tasks\At1.job
    C:\Users\Hamish\AppData\Local\Aroyuvuroviloxe.dat
    C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin]
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH] 
    [RESETHOSTS]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
Posted Image
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.


3.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
    4. One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Things to include in your next reply::
OTL fix log
Eset log
A new OTL log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 11 January 2011 - 03:11 PM

Up until I ran your last scans / logs I had 2 executable files named "install-0.exe" and "install-1.exe" in my C:\Users\Hamish\AppData\Local\Temp folder. These could not be removed as well as 2 files named Hamish7 and Hamish8 which did not have extensions and keep flickering.

All of these have now disppeared and the computer seems to be running a little better.

Also, I no longer have 4 IE windows start on reboot.

Here are the results of the most recent scans:


1. OTL Report


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WindowsDefenderPolicies deleted successfully.
C:\Program Files\Windows Defender\system\taskmgr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WindowsDefenderPolicies deleted successfully.
File C:\Program Files\Windows Defender\system\taskmgr.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7170f2b2-0413-11e0-9fc5-002243d605ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7170f2b2-0413-11e0-9fc5-002243d605ad}\ not found.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Users\Hamish\AppData\Local\Aroyuvuroviloxe.dat moved successfully.
File\Folder C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hamish
->Temp folder emptied: 414404093 bytes
->Temporary Internet Files folder emptied: 49583058 bytes
->Java cache emptied: 4052568 bytes
->FireFox cache emptied: 45849188 bytes
->Google Chrome cache emptied: 153614706 bytes
->Flash cache emptied: 20425 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91420 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 954615689 bytes

Total Files Cleaned = 1,547.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Hamish
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01112011_210506

Files\Folders moved on Reboot...
File\Folder C:\Users\Hamish\AppData\Local\Temp\etilqs_S2uxhf4e7vtzwgpmqb7T not found!
C:\Users\Hamish\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Hamish\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Hamish\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Hamish\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Hamish\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Hamish\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File\Folder C:\Windows\temp\mcafee_lPVnEVoCbleepNCL not found!

Registry entries deleted on Reboot...




2.ESET Results

C:\MSOCache\taskeng.exe a variant of Win32/Injector.ECL trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Replay Media Catcher\ffmpeg\avdevice-52.dll probably a variant of Win32/Spy.Agent.KJOWLIA trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Hamish\Documents\Software\registry booster 2010 working\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Hamish\Documents\Software\Replay Media Catcher 4.0.14\RCATSetup4-x64.exe multiple threats deleted - quarantined
C:\Users\Hamish\Documents\Software\Replay Media Catcher 4.0.14\RCATSetup4.exe multiple threats deleted - quarantined
C:\Users\Hamish\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01112011_210506\C_Program Files\Windows Defender\system\taskmgr.exe a variant of Win32/Injector.ECL trojan cleaned by deleting - quarantined





3. OTL Log


OTL logfile created on: 1/12/2011 5:51:24 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hamish\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 24.36 Gb Free Space | 20.92% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 322.75 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 941.73 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ADMIN | User Name: Hamish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
PRC - [2011/01/06 14:37:45 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/03/03 09:08:54 | 001,176,944 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\Watcher.exe
PRC - [2010/02/25 21:14:36 | 000,210,288 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\SwiApiMux.exe
PRC - [2010/01/25 15:45:36 | 000,562,544 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/12/10 23:43:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/25 13:59:10 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
PRC - [2009/09/25 08:20:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/05 09:54:52 | 001,600,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/14 08:47:02 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/14 08:46:46 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2009/08/13 08:50:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/07 07:03:10 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/08 05:50:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/20 04:59:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 04:59:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 10:28:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/21 05:39:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/16 18:22:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
PRC - [2008/12/23 11:45:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/12/01 05:50:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
MOD - [2010/08/21 15:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 15:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/18 06:06:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/07 08:47:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 13:24:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/06/30 05:14:04 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe -- (MOBK742backup)
SRV - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/01/15 23:19:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/21 04:49:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/15 11:33:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006/05/17 00:08:16 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\ERM\7.1\ERMLicSrv_ATL71.exe -- (ERMLicSrv_ATL71)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iviaspi.sys -- (Iviaspi)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/06/30 05:13:56 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK742.sys -- (MOBK742Filter)
DRV:64bit: - [2010/02/02 16:33:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 14:45:24 | 000,283,136 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/12/08 14:03:02 | 000,206,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/10/21 04:49:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/08/07 08:47:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/27 17:34:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 20:18:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/20 19:59:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/20 18:03:41 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:01:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/05 13:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/03 03:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 15:16:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:16:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:16:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/20 12:39:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/18 06:32:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/11 07:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:05:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 20:46:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 11:37:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 00:13:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/07 18:03:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/15 07:50:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/05/24 11:57:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/25 05:41:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2003/09/11 15:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\iviaspi.sys -- (Iviaspi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8E5DB170-37D6-4FD6-983B-D7ECCABA359E}:1.9.1
FF - prefs.js..extensions.enabledItems: {6686734D-EEF0-4DB7-9BC7-404E5DC51C89}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}: C:\Windows\system32\config\systemprofile\AppData\Local\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}\ [2010/07/14 07:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}: C:\Users\Hamish\AppData\Local\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89} [2010/07/14 20:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/01/11 21:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 18:02:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/23 12:48:33 | 000,000,000 | ---D | M]

[2010/03/14 01:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Extensions
[2010/12/31 14:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions
[2010/11/19 16:59:23 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/09/05 01:38:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/15 00:42:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/04 13:04:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/29 20:07:31 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
[2010/12/30 21:05:01 | 000,001,056 | ---- | M] () -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\searchplugins\icqplugin.xml
[2010/12/31 13:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/13 15:37:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 09:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 11:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/25 00:02:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/11 21:59:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/07/14 20:18:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HAMISH\APPDATA\LOCAL\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}
[2010/07/14 07:02:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 03:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/08/04 17:32:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/01/11 21:09:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft®Windows®WindowsDefender] C:\Program Files\Windows Defender\system\taskmgr.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/01/11 21:12:12 | 000,000,000 | R--D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
[2011/01/11 21:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/01/11 21:05:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/11 07:46:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2011/01/02 17:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
[2011/01/01 23:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/01/01 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/01/01 23:37:20 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 22:34:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/01 20:06:48 | 001,047,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Tracing
[2010/12/31 23:01:41 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Desktop\backups
[2010/12/31 21:41:47 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp.exe
[2010/12/31 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/12/31 14:08:58 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/12/31 13:32:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/30 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Apple Computer
[2010/12/28 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/26 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Documents\My Streaming Media
[2010/12/26 20:42:38 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Local\Jaksta_Pty_Ltd
[2010/12/26 20:28:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/26 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2010/12/23 02:53:55 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Malwarebytes
[2010/12/23 02:53:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/23 02:53:47 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/23 02:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/13 22:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010/12/13 22:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/12 06:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 05:55:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000UA.job
[2011/01/12 05:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/12 02:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000Core.job
[2011/01/11 22:47:32 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/01/11 21:23:43 | 002,672,312 | ---- | M] () -- C:\Users\Hamish\Desktop\esetsmartinstaller_enu.exe
[2011/01/11 21:18:14 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 21:18:14 | 000,010,256 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 21:11:11 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/01/11 21:11:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/11 21:10:28 | 3205,668,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/11 21:09:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/11 21:04:51 | 000,117,375 | -H-- | M] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat
[2011/01/11 08:34:31 | 000,016,339 | ---- | M] () -- C:\Users\Hamish\Desktop\bleeping computer reply.docx
[2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/11 07:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/03 19:50:13 | 003,845,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/03 19:50:13 | 000,699,356 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/01/03 19:50:13 | 000,685,440 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011/01/03 19:50:13 | 000,669,826 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/01/03 19:50:13 | 000,622,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/03 19:50:13 | 000,617,114 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2011/01/03 19:50:13 | 000,138,772 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/01/03 19:50:13 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011/01/03 19:50:13 | 000,129,990 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/01/03 19:50:13 | 000,123,268 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2011/01/03 19:50:13 | 000,108,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/02 19:07:07 | 000,008,335 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 19:06:20 | 000,011,878 | ---- | M] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 19:06:09 | 000,007,967 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:55:14 | 000,000,542 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:42:12 | 000,040,432 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:22:04 | 000,035,328 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/02 11:28:34 | 002,486,987 | ---- | M] () -- C:\Users\Hamish\Desktop\Trip to central Australia.rar
[2011/01/02 11:15:27 | 000,002,360 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/01/01 23:45:31 | 000,001,110 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2011/01/01 23:45:31 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2011/01/01 22:51:32 | 000,007,628 | ---- | M] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2011/01/01 20:06:48 | 001,047,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 19:27:07 | 000,428,446 | ---- | M] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:59 | 000,005,832 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:33 | 000,017,152 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 14:55:46 | 000,032,582 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/31 13:32:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/31 12:50:24 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-144619.backup
[2010/12/30 10:25:36 | 007,227,845 | ---- | M] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 13:16:29 | 000,001,897 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/12/28 12:38:35 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-125024.backup
[2010/12/28 12:30:45 | 000,001,284 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | M] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:47 | 000,449,917 | ---- | M] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101228-123835.backup
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/23 02:53:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 07:37:01 | 000,507,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/13 22:58:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/13 14:18:24 | 000,093,337 | ---- | M] () -- C:\Users\Hamish\Desktop\Resume Sarah Marie 2010.docx

========== Files Created - No Company Name ==========

[2011/01/11 21:23:40 | 002,672,312 | ---- | C] () -- C:\Users\Hamish\Desktop\esetsmartinstaller_enu.exe
[2011/01/11 08:34:30 | 000,016,339 | ---- | C] () -- C:\Users\Hamish\Desktop\bleeping computer reply.docx
[2011/01/11 07:39:18 | 000,080,384 | ---- | C] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/02 19:06:20 | 000,011,878 | ---- | C] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 17:55:38 | 000,007,967 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:50:07 | 000,000,542 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:27:19 | 000,040,432 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:25:52 | 000,008,335 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 03:42:04 | 000,035,328 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/01 23:45:36 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011/01/01 23:45:31 | 000,001,110 | ---- | C] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2011/01/01 23:45:31 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2011/01/01 19:27:07 | 000,428,446 | ---- | C] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:56 | 000,005,832 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:31 | 000,017,152 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 14:55:42 | 000,032,582 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/30 10:25:34 | 007,227,845 | ---- | C] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 12:30:45 | 000,001,284 | ---- | C] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | C] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:46 | 000,449,917 | ---- | C] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | C] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/23 02:53:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 20:36:43 | 000,000,032 | ---- | C] () -- C:\Users\Hamish\AppData\Local\xobni_installer_updater.log
[2010/08/21 18:28:49 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/08/21 18:27:37 | 000,001,024 | -HS- | C] () -- C:\ProgramData\dwg2pdf.dll
[2010/08/05 18:40:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010/07/16 17:56:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/07/14 20:18:26 | 000,000,000 | ---- | C] () -- C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin
[2010/04/15 01:19:28 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/04/15 01:19:28 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/04/15 01:19:28 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/04/15 01:19:27 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/04/15 01:18:45 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\cddvdint.dll
[2010/03/04 22:55:59 | 000,007,628 | ---- | C] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2010/02/14 01:30:26 | 003,870,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/02 17:05:44 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/02/02 17:05:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/02/02 16:57:33 | 000,003,584 | ---- | C] () -- C:\Users\Hamish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 16:43:57 | 000,000,540 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/02/01 19:16:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/10 23:43:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/10 23:22:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/10 23:07:00 | 000,000,108 | ---- | C] () -- C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2009/12/10 22:56:20 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/10 22:55:58 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/10/21 04:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/19 19:03:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 16:31:09 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 10:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/02 13:02:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/02/29 03:23:09 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\TAGDLL.dll
[2005/05/01 07:25:57 | 000,117,375 | -H-- | C] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat

========== LOP Check ==========

[2010/03/04 23:33:27 | 000,000,000 | -HSD | M] -- C:\Users\Hamish\AppData\Roaming\.#
[2010/02/01 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Asus WebStorage
[2010/04/15 10:39:37 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ASUSTek
[2011/01/05 00:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\BitTorrent
[2010/09/11 17:39:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\com.adobe.example.nowplaying.CB47D98EFACE64EC32AB956F069921E47BEB7894.1
[2010/12/20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Free Audio Editor
[2010/03/04 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GameConsole
[2010/11/19 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GetRightToGo
[2010/02/11 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\IcoFX
[2010/08/05 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ICQ
[2010/04/15 01:22:46 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\InterVideo
[2010/11/19 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Jaksta
[2010/02/01 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\PowerCinema
[2010/02/01 21:44:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Publish Providers
[2010/12/31 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\QuickScan
[2010/12/26 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/10 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sierra Wireless
[2010/09/04 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sony
[2011/01/01 23:38:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Utherverse
[2010/07/14 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft
[2010/02/11 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft Corporation
[2011/01/11 22:47:32 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/01/01 22:21:26 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 12:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_9071cf01e963be0e\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 12:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 12:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 11 January 2011 - 06:58 PM

Hello,

We are getting closer to being finished up.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

2.
  • Open Spybot in one of the following ways:
    • If you have a shortcut on your desktop, double click it.
    • Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
  • On the left side, click "Recovery".
    • NOTE: If this window is empty, you may skip the remaining steps. Exit Spybot.
  • Select (place a check) beside ALL the backup files that contain quarantined items.
  • Click on the Purge Selected Items button.
  • A dialog will appear, stating that the backup will be removed. Click Yes.
  • When the Recovery window is empty, Exit Spybot.


3.
Now please Empty Teatimer Cache. Your can do this by doing the following:
Download ResetTeaTimer.exe to your desktop.
Doubleclick ResetTeaTimer.exe and let it run.

4.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Microsoft®Windows®WindowsDefender] C:\Program Files\Windows Defender\system\taskmgr.exe File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\MSOCache\taskeng.exe) - C:\MSOCache\taskeng.exe File not found
    [2011/01/11 22:47:32 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2011/01/01 23:45:31 | 000,001,110 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2011/01/01 23:45:31 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2011/01/01 23:45:36 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
    [2010/07/14 20:18:26 | 000,000,000 | ---- | C] () -- C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin
    
    
    :file
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    C:\Users\Hamish\AppData\Roaming\Uniblue
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

5.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

6.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
    4. One report will open, copy and paste it in your next reply here:
  • OTL.txt <-- Will be opened

Things to include in your next reply:
OTL fix log
MBAM log
OTL.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 sahara74

sahara74
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 13 January 2011 - 08:18 AM

Computer is running moderately better, except I would like to know why I am using 1.7GB of memory with no programs running except chrome and OTL. The fan still occasionally sounds like a jumbo ready to take off. The laptop is <1yr old. I only booted up to do the following scans:

1. OTL Fix Log:

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft®Windows®WindowsDefender deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\MSOCache\taskeng.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\MSOCache\taskeng.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\MSOCache\taskeng.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\MSOCache\taskeng.exe deleted successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk moved successfully.
C:\Users\Public\Desktop\RegistryBooster.lnk moved successfully.
File C:\Windows\tasks\RegistryBooster.job not found.
C:\Users\Hamish\AppData\Local\Pjaqijolozike.bin moved successfully.
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue> in the current context!
Error: Unable to interpret <C:\Users\Hamish\AppData\Roaming\Uniblue> in the current context!

OTL by OldTimer - Version 3.2.20.1 log created on 01132011_224918

---------------------------------------------------------------------





2. Malwarebytes Log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5511

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13/01/2011 11:02:11 PM
mbam-log-2011-01-13 (23-02-11).txt

Scan type: Quick scan
Objects scanned: 166577
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------




3. OTL Log


OTL logfile created on: 1/13/2011 11:01:49 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Hamish\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 24.35 Gb Free Space | 20.92% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 322.75 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive F: | 941.73 Mb Total Space | 941.73 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ADMIN | User Name: Hamish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
PRC - [2011/01/10 21:27:19 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Hamish\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/03/03 09:08:54 | 001,176,944 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\Watcher.exe
PRC - [2010/02/18 12:22:42 | 000,210,288 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe
PRC - [2010/01/25 15:45:36 | 000,562,544 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/12/10 23:43:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/25 13:59:10 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe
PRC - [2009/09/25 08:20:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/05 09:54:52 | 001,600,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/14 08:47:02 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/14 08:46:46 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2009/08/13 08:50:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/07 07:03:10 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/08 05:50:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/25 07:00:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/20 04:59:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 04:59:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 10:28:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/21 05:39:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/16 18:22:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
PRC - [2008/12/23 11:45:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/12/01 05:50:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
MOD - [2010/08/21 15:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 15:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/18 06:06:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/07 08:47:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 13:24:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 18:38:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/06/30 05:14:04 | 000,207,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK742backup.exe -- (MOBK742backup)
SRV - [2010/03/28 17:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/16 20:22:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/01/15 23:19:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/21 04:49:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/15 11:33:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/18 06:47:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/16 12:00:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 21:25:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006/05/17 00:08:16 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\ERM\7.1\ERMLicSrv_ATL71.exe -- (ERMLicSrv_ATL71)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iviaspi.sys -- (Iviaspi)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/06/30 05:13:56 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK742.sys -- (MOBK742Filter)
DRV:64bit: - [2010/02/02 16:33:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 14:45:24 | 000,283,136 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/12/08 14:03:02 | 000,206,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/10/21 04:49:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/08/07 08:47:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/27 17:34:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 20:18:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/20 19:59:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/20 18:03:41 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:01:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/05 13:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/03 03:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 15:16:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:16:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:16:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/20 12:39:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/18 06:32:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/11 07:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:05:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 20:46:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 11:37:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 00:13:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/07 18:03:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/15 07:50:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/05/24 11:57:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/25 05:41:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2003/09/11 15:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\iviaspi.sys -- (Iviaspi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8E5DB170-37D6-4FD6-983B-D7ECCABA359E}:1.9.1
FF - prefs.js..extensions.enabledItems: {6686734D-EEF0-4DB7-9BC7-404E5DC51C89}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}: C:\Windows\system32\config\systemprofile\AppData\Local\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}\ [2010/07/14 07:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}: C:\Users\Hamish\AppData\Local\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89} [2010/07/14 20:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/01/11 21:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 18:02:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/23 12:48:33 | 000,000,000 | ---D | M]

[2010/03/14 01:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Extensions
[2010/12/31 14:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions
[2010/11/19 16:59:23 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/09/05 01:38:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/15 00:42:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/04 13:04:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/29 20:07:31 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Toolbar) -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
[2010/12/30 21:05:01 | 000,001,056 | ---- | M] () -- C:\Users\Hamish\AppData\Roaming\Mozilla\Firefox\Profiles\fhyzxult.default\searchplugins\icqplugin.xml
[2010/12/31 13:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/13 15:37:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 09:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 11:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/25 00:02:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/11 21:59:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/07/14 20:18:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HAMISH\APPDATA\LOCAL\{6686734D-EEF0-4DB7-9BC7-404E5DC51C89}
[2010/07/14 07:02:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{8E5DB170-37D6-4FD6-983B-D7ECCABA359E}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 03:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/08/04 17:32:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/01/11 21:09:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101101115550.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 22:51:51 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hamish\Desktop\mbam-setup.exe
[2011/01/13 22:37:15 | 000,000,000 | R--D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
[2011/01/13 22:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/01/11 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/01/11 21:05:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/11 07:46:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2011/01/03 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2011/01/02 17:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
[2011/01/01 23:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/01/01 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/01/01 23:37:20 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 22:34:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/01 20:06:48 | 001,047,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Tracing
[2010/12/31 23:01:41 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Desktop\backups
[2010/12/31 21:41:47 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp.exe
[2010/12/31 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/12/31 14:08:58 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/12/31 13:32:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/30 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Apple Computer
[2010/12/28 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/28 12:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/26 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\Documents\My Streaming Media
[2010/12/26 20:42:38 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Local\Jaksta_Pty_Ltd
[2010/12/26 20:28:39 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/26 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2010/12/23 02:53:55 | 000,000,000 | ---D | C] -- C:\Users\Hamish\AppData\Roaming\Malwarebytes
[2010/12/23 02:53:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/23 02:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/23 02:53:47 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/23 02:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/01/13 22:55:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 22:55:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000UA.job
[2011/01/13 22:53:52 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hamish\Desktop\mbam-setup.exe
[2011/01/13 22:51:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/13 22:45:39 | 000,126,976 | ---- | M] () -- C:\Users\Hamish\Desktop\ResetTeaTimer.exe
[2011/01/13 22:43:22 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 22:43:22 | 000,010,256 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 22:36:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/13 22:36:53 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/01/13 22:35:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/13 22:35:52 | 3205,668,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/12 02:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222934153-465452855-2351853516-1000Core.job
[2011/01/11 21:23:43 | 002,672,312 | ---- | M] () -- C:\Users\Hamish\Desktop\esetsmartinstaller_enu.exe
[2011/01/11 21:09:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/11 21:04:51 | 000,117,375 | -H-- | M] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat
[2011/01/11 08:34:31 | 000,016,339 | ---- | M] () -- C:\Users\Hamish\Desktop\bleeping computer reply.docx
[2011/01/11 07:46:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hamish\Desktop\OTL.exe
[2011/01/11 07:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/03 19:50:13 | 003,845,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/03 19:50:13 | 000,699,356 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/01/03 19:50:13 | 000,685,440 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011/01/03 19:50:13 | 000,669,826 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/01/03 19:50:13 | 000,622,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/03 19:50:13 | 000,617,114 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2011/01/03 19:50:13 | 000,138,772 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/01/03 19:50:13 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011/01/03 19:50:13 | 000,129,990 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/01/03 19:50:13 | 000,123,268 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2011/01/03 19:50:13 | 000,108,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/02 19:07:07 | 000,008,335 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 19:06:20 | 000,011,878 | ---- | M] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 19:06:09 | 000,007,967 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:55:14 | 000,000,542 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:42:12 | 000,040,432 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:22:04 | 000,035,328 | ---- | M] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/02 11:28:34 | 002,486,987 | ---- | M] () -- C:\Users\Hamish\Desktop\Trip to central Australia.rar
[2011/01/02 11:15:27 | 000,002,360 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/01/01 22:51:32 | 000,007,628 | ---- | M] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2011/01/01 20:06:48 | 001,047,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Hamish\Desktop\procexp64.exe
[2011/01/01 19:27:07 | 000,428,446 | ---- | M] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:59 | 000,005,832 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:33 | 000,017,152 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 14:55:46 | 000,032,582 | ---- | M] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/31 13:32:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hamish\Desktop\HijackThis.exe
[2010/12/31 12:50:24 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-144619.backup
[2010/12/30 10:25:36 | 007,227,845 | ---- | M] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 13:16:29 | 000,001,897 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/12/28 12:38:35 | 000,428,444 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-125024.backup
[2010/12/28 12:30:45 | 000,001,284 | ---- | M] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | M] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:47 | 000,449,917 | ---- | M] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101228-123835.backup
[2010/12/26 20:35:22 | 000,000,863 | ---- | M] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/16 07:37:01 | 000,507,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/01/13 22:45:45 | 000,126,976 | ---- | C] () -- C:\Users\Hamish\Desktop\ResetTeaTimer.exe
[2011/01/11 21:23:40 | 002,672,312 | ---- | C] () -- C:\Users\Hamish\Desktop\esetsmartinstaller_enu.exe
[2011/01/11 08:34:30 | 000,016,339 | ---- | C] () -- C:\Users\Hamish\Desktop\bleeping computer reply.docx
[2011/01/11 07:39:18 | 000,080,384 | ---- | C] () -- C:\Users\Hamish\Desktop\MBRCheck.exe
[2011/01/02 19:06:20 | 000,011,878 | ---- | C] () -- C:\Users\Hamish\Documents\My Places.kmz
[2011/01/02 17:55:38 | 000,007,967 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kmz
[2011/01/02 17:50:07 | 000,000,542 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kst
[2011/01/02 17:48:51 | 000,000,493 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.kdx
[2011/01/02 17:39:51 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2011/01/02 16:27:19 | 000,040,432 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds adl metro.kml
[2011/01/02 16:25:52 | 000,008,335 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.csv
[2011/01/02 03:42:04 | 000,035,328 | ---- | C] () -- C:\Users\Hamish\Documents\fishing grounds ADL metro.xls
[2011/01/01 19:27:07 | 000,428,446 | ---- | C] () -- C:\Users\Hamish\'hosts.'
[2011/01/01 18:08:56 | 000,005,832 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180855.reg
[2011/01/01 18:02:31 | 000,017,152 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20110101_180200.reg
[2010/12/31 14:55:42 | 000,032,582 | ---- | C] () -- C:\Users\Hamish\Documents\cc_20101231_145528.reg
[2010/12/31 14:52:00 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/30 10:25:34 | 007,227,845 | ---- | C] () -- C:\Users\Hamish\Desktop\RBSHFullBook.pdf
[2010/12/28 12:30:45 | 000,001,284 | ---- | C] () -- C:\Users\Hamish\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/28 12:30:45 | 000,001,260 | ---- | C] () -- C:\Users\Hamish\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 21:55:46 | 000,449,917 | ---- | C] () -- C:\Users\Hamish\Documents\Presentation1.pptx
[2010/12/26 20:35:22 | 000,000,863 | ---- | C] () -- C:\Users\Hamish\Documents\hosts
[2010/12/26 20:28:37 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010/12/23 02:53:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 20:36:43 | 000,000,032 | ---- | C] () -- C:\Users\Hamish\AppData\Local\xobni_installer_updater.log
[2010/08/21 18:28:49 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/08/21 18:27:37 | 000,001,024 | -HS- | C] () -- C:\ProgramData\dwg2pdf.dll
[2010/08/05 18:40:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010/07/16 17:56:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/04/15 01:19:28 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/04/15 01:19:28 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/04/15 01:19:28 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/04/15 01:19:28 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/04/15 01:19:27 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/04/15 01:18:45 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\cddvdint.dll
[2010/03/04 22:55:59 | 000,007,628 | ---- | C] () -- C:\Users\Hamish\AppData\Local\resmon.resmoncfg
[2010/02/14 01:30:26 | 003,870,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/02 17:05:44 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/02/02 17:05:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/02/02 16:57:33 | 000,003,584 | ---- | C] () -- C:\Users\Hamish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 16:43:57 | 000,000,540 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/02/01 19:16:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/10 23:43:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/10 23:22:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/10 23:07:00 | 000,000,108 | ---- | C] () -- C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2009/12/10 22:56:20 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/10 22:55:58 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/10/21 04:49:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/19 19:03:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 16:31:09 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 10:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/02 13:02:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/02/29 03:23:09 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\TAGDLL.dll
[2005/05/01 07:25:57 | 000,117,375 | -H-- | C] () -- C:\Users\Hamish\AppData\Roaming\Hamishlog.dat

========== LOP Check ==========

[2010/03/04 23:33:27 | 000,000,000 | -HSD | M] -- C:\Users\Hamish\AppData\Roaming\.#
[2010/02/01 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Asus WebStorage
[2010/04/15 10:39:37 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ASUSTek
[2011/01/05 00:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\BitTorrent
[2010/09/11 17:39:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\com.adobe.example.nowplaying.CB47D98EFACE64EC32AB956F069921E47BEB7894.1
[2010/12/20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Free Audio Editor
[2010/03/04 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GameConsole
[2010/11/19 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\GetRightToGo
[2010/02/11 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\IcoFX
[2010/08/05 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\ICQ
[2010/04/15 01:22:46 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\InterVideo
[2010/11/19 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Jaksta
[2010/02/01 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\PowerCinema
[2010/02/01 21:44:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Publish Providers
[2010/12/31 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\QuickScan
[2010/12/26 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Replay Media Catcher 4
[2010/12/10 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sierra Wireless
[2010/09/04 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Sony
[2011/01/01 23:38:17 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Uniblue
[2011/01/01 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Utherverse
[2010/07/14 02:11:01 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft
[2010/02/11 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\Hamish\AppData\Roaming\Xilisoft Corporation
[2011/01/13 22:36:02 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 12:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 12:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 11:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 12:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/07 07:54:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_9071cf01e963be0e\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 12:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 12:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 11:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 12:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 11:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 12:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

--------------------------------------------------------------------------------------------------------------------------------

(p.s. whenever I boot up I constantly have the ASUS update window popup...I try to update but it always fails. I am unsure whether to update manually or not.)

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 13 January 2011 - 02:25 PM

Hello, sahara74.
Congratulations! You now appear clean! :cool:

(p.s. whenever I boot up I constantly have the ASUS update window popup...I try to update but it always fails. I am unsure whether to update manually or not.)


Yes,Go ahead and manually update.

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.




Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 16 January 2011 - 12:22 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:55 PM

Posted 18 January 2011 - 04:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users