
Rootkit problem


This topic is locked
14 replies to this topic

#1 Dekabreak


Posted 22 February 2011 - 06:24 PM

Excuse my other thread in the other forum, you can delete it.

Anyways, I just got this rootkit, the one that redirects you to another site on google, and disables particular sites like ESET. Would need some assistance on removing this...

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK 
Run by Gian at 18:17:05.99 on Tue 02/22/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3071.2075 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
E:\Games\Steam\Steam.exe
C:\Windows\Explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\explorer.exe
C:\Users\Gian\Desktop\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\splitcam toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\gian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "e:\games\steam\steam.exe" -silent
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Windows Defense Service] c:\windows\system32\WinDefend.exe
uRun: [cleansweep.exe] c:\cleansweep.exe\cleansweep.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [MMTray] MMTray.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\gian\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\gian\appdata\local\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wegame.lnk - c:\program files\wegame\wegame.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.avast.com
Hosts: 127.0.0.1 www.avg.com
Hosts: 127.0.0.1 www.bitdefender.com
Hosts: 127.0.0.1 www.eset.com
Hosts: 127.0.0.1 www.f-secure.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\gian\appdata\roaming\mozilla\firefox\profiles\bgd3m9d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 212.138.84.62
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Ext: Embedded Objects: firefox@red-cog.com - %profile%\extensions\firefox@red-cog.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-6-7 42496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-31 165584]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-31 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-31 50768]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-4 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca1f43cfd1aa98;Google Update Service (gupdate1ca1f43cfd1aa98);c:\program files\google\update\GoogleUpdate.exe [2009-8-17 133104]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-31 1153368]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-27 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-27 229888]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-4 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-6-10 1394688]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [2009-1-18 139904]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2010-1-21 19840]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]

=============== Created Last 30 ================

2011-02-22 22:49:28	--------	d-----w-	c:\users\gian\appdata\roaming\SUPERAntiSpyware.com
2011-02-22 22:49:28	--------	d-----w-	c:\progra~2\SUPERAntiSpyware.com
2011-02-22 22:42:01	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-02-22 18:41:51	5890896	----a-w-	c:\progra~2\microsoft\windows defender\definition updates\{49f1ac37-68eb-4dc2-a69c-a5189b049eff}\mpengine.dll
2011-02-13 20:03:03	--------	d-----w-	c:\users\gian\appdata\local\SourceTec
2011-02-13 20:02:58	--------	d-----w-	c:\program files\common files\SourceTec
2011-02-13 20:02:56	--------	d-----w-	c:\program files\SourceTec
2011-02-13 19:36:09	--------	d-----w-	c:\program files\Flash Pro CS5
2011-02-13 19:14:05	1228424	----a-w-	c:\users\gian\FlashPro_11_LS1.exe
2011-02-11 23:39:47	--------	d-----w-	c:\program files\Game Graphic Studio
2011-02-06 02:00:29	--------	d-----w-	c:\program files\iPod
2011-02-06 02:00:28	--------	d-----w-	c:\program files\iTunes
2011-02-06 01:57:22	--------	d-----w-	c:\program files\Bonjour
2011-01-26 18:23:22	--------	d-----w-	c:\program files\common files\ATI Technologies
2011-01-25 23:15:41	--------	d-----w-	c:\progra~2\KONAMI

==================== Find3M  ====================

2011-01-09 08:01:16	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-01-09 08:00:52	270904	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-01-09 08:00:52	270904	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-01-09 04:39:54	569344	----a-w-	c:\users\gian\appdata\roaming\znecoqb.exe
2011-01-09 02:47:50	372736	----a-w-	c:\users\gian\appdata\roaming\bguuikk.exe
2011-01-09 02:47:43	372736	----a-w-	c:\users\gian\appdata\roaming\jkuocil.exe
2011-01-09 02:47:31	372736	----a-w-	c:\users\gian\appdata\roaming\hhmqnss.exe
2011-01-09 02:47:21	372736	----a-w-	c:\users\gian\appdata\roaming\tinejwb.exe
2011-01-09 02:34:26	372736	----a-w-	c:\users\gian\appdata\roaming\rmhmxir.exe
2011-01-09 02:03:01	372736	----a-w-	c:\users\gian\appdata\roaming\bpxfgpw.exe
2011-01-09 01:39:13	569344	----a-w-	c:\users\gian\appdata\roaming\hrnqbba.exe
2011-01-09 01:38:28	372736	----a-w-	c:\users\gian\appdata\roaming\jkzerlf.exe
2011-01-08 22:22:33	569344	----a-w-	c:\users\gian\appdata\roaming\lqweyun.exe
2011-01-08 21:58:12	372736	----a-w-	c:\users\gian\appdata\roaming\dimxnhz.exe
2011-01-08 20:32:12	569344	----a-w-	c:\users\gian\appdata\roaming\ohyxjzm.exe
2011-01-08 20:04:12	372736	----a-w-	c:\users\gian\appdata\roaming\tytoqah.exe
2011-01-08 18:30:07	372736	----a-w-	c:\users\gian\appdata\roaming\qqrbrav.exe
2011-01-08 05:12:00	138056	----a-w-	c:\users\gian\appdata\roaming\PnkBstrK.sys
2011-01-08 05:11:20	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe
2011-01-07 07:27:11	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33:11	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-06 01:35:49	376832	----a-w-	c:\users\gian\appdata\roaming\qjqvmjb.exe
2011-01-06 01:22:48	376832	----a-w-	c:\users\gian\appdata\roaming\zdhtcvp.exe
2011-01-05 05:37:33	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37:38	2329088	----a-w-	c:\windows\system32\win32k.sys
2010-12-21 05:38:24	73728	----a-w-	c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24	51200	----a-w-	c:\windows\system32\wscapi.dll
2010-12-21 05:38:22	981504	----a-w-	c:\windows\system32\wininet.dll
2010-12-21 05:38:22	350720	----a-w-	c:\windows\system32\winhttp.dll
2010-12-21 05:38:21	204800	----a-w-	c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19	204288	----a-w-	c:\windows\system32\upnp.dll
2010-12-21 05:38:16	14336	----a-w-	c:\windows\system32\slwga.dll
2010-12-21 05:36:17	1389568	----a-w-	c:\windows\system32\msxml6.dll
2010-12-21 05:36:16	1236992	----a-w-	c:\windows\system32\msxml3.dll
2010-12-21 05:34:12	80384	----a-w-	c:\windows\system32\davclnt.dll
2010-12-18 05:29:40	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31	541184	----a-w-	c:\windows\system32\kerberos.dll
2010-12-18 04:20:55	386048	----a-w-	c:\windows\system32\html.iec
2010-12-18 03:47:59	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-12-14 23:51:20	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-12-02 03:35:18	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-29 22:38:30	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30	69632	----a-w-	c:\windows\system32\QuickTime.qts

============= FINISH: 18:18:32.48 ===============


#2 Dekabreak


Posted 22 February 2011 - 07:08 PM

Here's the GMER log.

Attached file: ark.txt (3.94KB)


#3 SweetTech


Posted 22 February 2011 - 07:59 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Did you set this proxy in Firefox?

FF - prefs.js: network.proxy.http - 212.138.84.62
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0


Anyways, I just got this rootkit, the one that redirects you to another site on google, and disables particular sites like ESET. Would need some assistance on removing this...

This is due to the infection playing with your HOSTS file. We will reset the HOSTS file and you should be able to access security sites.


____________________________________________________



NEXT:


Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\users\gian\appdata\roaming\zdhtcvp.exe
    c:\users\gian\appdata\roaming\qjqvmjb.exe
    c:\users\gian\appdata\roaming\znecoqb.exe
    c:\users\gian\appdata\roaming\bguuikk.exe
    c:\users\gian\appdata\roaming\jkuocil.exe
    c:\users\gian\appdata\roaming\hhmqnss.exe
    c:\users\gian\appdata\roaming\tinejwb.exe
    c:\users\gian\appdata\roaming\rmhmxir.exe
    c:\users\gian\appdata\roaming\bpxfgpw.exe
    c:\users\gian\appdata\roaming\hrnqbba.exe
    c:\users\gian\appdata\roaming\jkzerlf.exe
    c:\users\gian\appdata\roaming\lqweyun.exe
    c:\users\gian\appdata\roaming\dimxnhz.exe
    c:\users\gian\appdata\roaming\ohyxjzm.exe
    c:\users\gian\appdata\roaming\tytoqah.exe
    c:\users\gian\appdata\roaming\qqrbrav.exe
    
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [createrestorepoint]
    [purity]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how things are currently running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
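ST's questions above single out the indicators in the DDS log that drive the fix script: HOSTS overrides pointing security-vendor sites at 127.0.0.1, an unexplained Firefox proxy, and the run of randomly named executables under appdata\roaming. As an added triage example (not code from the thread, from DDS, or from OTM), the Python below parses those DDS line types, flags the same three indicators, and renders the flagged files in the :Files / :Commands shape ST used; the vendor-domain list, the 5-8 lowercase-letter name heuristic and the sample log lines are constructed assumptions of this example.

```python
"""Triage a DDS log excerpt for the indicators discussed in this thread.

Added example; not code from the thread, from DDS, or from OTM. The sample
log below is constructed from entries quoted in post #1 (field separators
are spaces here; real DDS output uses tabs, which the regex also accepts).
The vendor-domain list and the "random name" heuristic are assumptions.
"""
import re
from collections import defaultdict

# Security-vendor sites. A HOSTS override for any of these explains the
# "ESET and friends won't load" symptom the original poster describes (assumed list).
SECURITY_VENDOR_DOMAINS = {
    "www.avast.com", "www.avg.com", "www.bitdefender.com",
    "www.eset.com", "www.f-secure.com",
}

# DDS prints HOSTS overrides as "Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Firefox proxy prefs appear as "FF - prefs.js: network.proxy.<key> - <value>".
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")
# Created/Find3M rows: "<date> <time> <size> <attrs> <path>" (tab or space separated).
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(\S.*)$")
# Dropper-style name: 5-8 lowercase letters + .exe directly under appdata\roaming.
RANDOM_EXE_RE = re.compile(r"\\appdata\\roaming\\[a-z]{5,8}\.exe$")

# Constructed sample, drawn from the DDS entries quoted in post #1.
SAMPLE_DDS = r"""uRun: [Steam] "e:\games\steam\steam.exe" -silent
Hosts: 127.0.0.1 www.avast.com
Hosts: 127.0.0.1 www.avg.com
Hosts: 127.0.0.1 www.bitdefender.com
Hosts: 127.0.0.1 www.eset.com
Hosts: 127.0.0.1 www.f-secure.com
FF - prefs.js: network.proxy.http - 212.138.84.62
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
2011-01-09 08:01:16    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-01-09 04:39:54    569344    ----a-w-    c:\users\gian\appdata\roaming\znecoqb.exe
2011-01-09 02:47:50    372736    ----a-w-    c:\users\gian\appdata\roaming\bguuikk.exe
2011-01-09 02:47:21    372736    ----a-w-    c:\users\gian\appdata\roaming\tinejwb.exe
2011-01-08 05:12:00    138056    ----a-w-    c:\users\gian\appdata\roaming\PnkBstrK.sys
2011-01-06 01:22:48    376832    ----a-w-    c:\users\gian\appdata\roaming\zdhtcvp.exe
"""


def triage_dds(log_text):
    """Scan DDS output and return findings keyed by indicator type."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if name.lower() in SECURITY_VENDOR_DOMAINS:
                findings["hosts_hijack"].append((ip, name.lower()))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            findings["proxy_prefs"].append((m.group(1), m.group(2).strip()))
            continue
        m = FILE_RE.match(line)
        if m and RANDOM_EXE_RE.search(m.group(1).lower()):
            findings["random_exes"].append(m.group(1).lower())
    return dict(findings)


def proxy_host(findings):
    """Return the configured HTTP proxy host, or None if none is set.

    network.proxy.type 0 means Firefox uses a direct connection, so a host
    with type 0 is a leftover setting rather than an active proxy; it is
    still worth asking the user about, as ST did in the thread.
    """
    prefs = dict(findings.get("proxy_prefs", []))
    return prefs.get("http") or None


def build_otm_script(findings):
    """Render the flagged files in the :Files / :Commands shape ST posted.

    Only commands that appear in the thread are used, and [resethosts] is
    emitted only when a HOSTS hijack was actually found.
    """
    lines = [":Files"] + list(findings.get("random_exes", []))
    lines += ["", ":Commands", "[emptytemp]"]
    if findings.get("hosts_hijack"):
        lines.append("[resethosts]")
    lines.append("[createrestorepoint]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_dds(SAMPLE_DDS)
    print("HOSTS hijacks:", len(found.get("hosts_hijack", [])))
    print("Proxy host:", proxy_host(found))
    print(build_otm_script(found))
```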


#4 Dekabreak


Posted 22 February 2011 - 08:03 PM

Nope, didn't set that proxy in Firefox, on top of that, I've been using Chrome.

#5 SweetTech


Posted 22 February 2011 - 08:09 PM

Okay, I'll script it out later then. Thanks for the clarification on that. :)



#6 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 22 February 2011 - 08:11 PM

RkU won't open up; an error comes out: "Error loading driver, NTSTATUS code: 0xC000035F".
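The OTL log in the next post prints the hosts file (the "O1 - Hosts:" lines) as a long run of CJK characters. That is not encrypted data: an ASCII hosts file read as UTF-16LE turns every two bytes into one code unit, so "127.0.0.1 " comes out as ㈱⸷⸰⸰‱. What follows is an added example written for this page, not OTL's code and not anything a poster in this thread ran. It recovers such lines, lists hosts entries that point security-vendor domains at loopback, and reads the Firefox network.proxy prefs in the form the log uses. The sample OTL lines, the vendor-name marker list and all function names are the editor's own constructions.

```python
"""Triage helpers for OTL log lines (editor's added example, not OTL code).

Two things visible in the log posted in this thread are handled here:

  1. "O1 - Hosts:" content printed as CJK text. An ASCII hosts file read as
     UTF-16LE makes each pair of bytes one code unit ("12" -> U+3231 '㈱',
     "7." -> U+2E37 '⸷', ...). Re-encoding the text as UTF-16LE and decoding
     the bytes as latin-1 gives the original lines back.
  2. Firefox prefs where network.proxy.http holds an address while
     network.proxy.type is 0 (direct connection): a proxy host is stored but
     not in use.
"""
import re

# Constructed sample: the first code units of the garbled "O1 - Hosts:" line
# from the log, exactly as OTL printed them.
GARBLED_HOSTS = "㈱⸷⸰⸰‱㈸ㄮ㔶㈮㜳ㄮഴㄊ㜲〮〮ㄮ㠠⸲㘱⸵㔲⸰㌳਍㈱⸷⸰⸰‱歡浡楡愮杶挮浯਍㈱⸷⸰⸰‱湡楴楶⹲獥਍"

# Constructed sample OTL lines in the shape the log uses (not the full log).
SAMPLE_OTL_LINES = [
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: " + GARBLED_HOSTS,
    'FF - prefs.js..network.proxy.http: "212.138.84.62"',
    "FF - prefs.js..network.proxy.http_port: 80",
    "FF - prefs.js..network.proxy.type: 0",
]

# Substrings that mark a hostname as a security-vendor site (editor's list,
# chosen to cover the vendors named in the thread; extend as needed).
SECURITY_VENDOR_MARKERS = (
    "avg", "avast", "antivir", "avp", "eset", "kaspersky", "mcafee", "symantec",
    "microsoft", "malwarebytes", "bitdefender", "sophos", "trendmicro", "virustotal",
)


def ungarble_utf16le(text):
    """Undo an ASCII-as-UTF-16LE misread: each code unit becomes its two original bytes."""
    return text.encode("utf-16-le").decode("latin-1")


def looks_garbled(text):
    """True when more than half of the characters are non-ASCII (a misread hosts file)."""
    non_ascii = sum(1 for ch in text if ord(ch) > 0x7F)
    return non_ascii > len(text) // 2


def hosts_entries(otl_lines):
    """Return (ip, hostname) pairs from 'O1 - Hosts:' lines, decoding garbled ones."""
    entries = []
    prefix = "O1 - Hosts: "
    for line in otl_lines:
        if not line.startswith(prefix):
            continue
        body = line[len(prefix):]
        if looks_garbled(body):
            body = ungarble_utf16le(body)  # one OTL line may hold many hosts lines
        for hosts_line in body.splitlines():
            hosts_line = hosts_line.split("#", 1)[0].strip()  # drop comments
            parts = hosts_line.split()
            if len(parts) < 2:
                continue
            for host in parts[1:]:
                entries.append((parts[0], host.lower()))
    return entries


def blocked_security_hosts(entries):
    """Hostnames mapped to loopback that look like security-vendor sites."""
    loopback = {"127.0.0.1", "0.0.0.0", "::1"}
    return [
        host for ip, host in entries
        if ip in loopback and host != "localhost"
        and any(marker in host for marker in SECURITY_VENDOR_MARKERS)
    ]


def firefox_proxy(otl_lines):
    """Return the stored Firefox HTTP proxy settings, or None if no proxy host is set."""
    prefs = {}
    pat = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): "?([^"]*)"?$')
    for line in otl_lines:
        m = pat.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    if "http" not in prefs:
        return None
    return {
        "host": prefs["http"],
        "port": int(prefs.get("http_port", "0")),
        "type": int(prefs.get("type", "0")),  # Firefox: 0 = no proxy, 1 = manual proxy
        "active": prefs.get("type") == "1",
    }


if __name__ == "__main__":
    found = hosts_entries(SAMPLE_OTL_LINES)
    for ip, host in found:
        print(ip, host)
    print("security sites pointed at loopback:", blocked_security_hosts(found))
    print("firefox proxy:", firefox_proxy(SAMPLE_OTL_LINES))
```

Run the file directly to print the decoded entries. The first decoded lines of the log come out as 127.0.0.1 akamai.avg.com and 127.0.0.1 antivir.es, and later code units in the same line decode the same way (eset.com is among them, which matches the opening post's report that ESET's site was unreachable). network.proxy.type = 0 means Firefox is not sending traffic through the stored 212.138.84.62 entry, but a proxy host the user says they never configured is still a setting to clear.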

#7 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 22 February 2011 - 08:19 PM

Extra didn't come up.

OTL logfile created on: 2/22/2011 8:12:55 PM - Run 4
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Gian\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.47 Gb Total Space | 142.44 Gb Free Space | 49.38% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 65.21 Gb Free Space | 21.88% Space Free | Partition Type: NTFS

Computer Name: GIAN-PC | User Name: Gian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WinRAR\WinRAR.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Gian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (StarWindServiceAE) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (NMSAccessU) -- C:\Windows\System32\NMSAccessU.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SPLITCAM) -- C:\Windows\System32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (UsbGps) -- C:\Windows\System32\drivers\lgusbgps.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (u2kg54) -- C:\Windows\System32\drivers\rt2500usb.sys (Ralink Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-324557414-659355397-3272978054-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..network.proxy.http: "212.138.84.62"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 20:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/22 20:08:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/22 20:08:21 | 000,000,000 | ---D | M]

[2009/09/27 15:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gian\AppData\Roaming\Mozilla\Extensions
[2009/06/14 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/22 17:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions
[2010/06/21 10:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 16:29:51 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2010/06/25 10:13:16 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/01/18 12:52:20 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/08/09 11:32:32 | 000,000,000 | ---D | M] () -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010/06/21 10:48:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/13 14:08:08 | 000,000,000 | ---D | M] (Embedded Objects) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\firefox@red-cog.com
[2010/09/02 07:29:50 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\foxyproxy@eric.h.jung
[2009/09/27 15:12:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\extensions\moveplayer@movenetworks.com
[2011/02/22 17:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/17 16:22:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 17:50:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/05 20:32:36 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/13 20:16:17 | 000,004,992 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ㈱⸷⸰⸰‱㈸ㄮ㔶㈮㜳ㄮഴㄊ㜲〮〮ㄮ㠠⸲㘱⸵㔲⸰㌳਍㈱⸷⸰⸰‱歡浡楡愮杶挮浯਍㈱⸷⸰⸰‱湡楴楶⹲獥਍㈱⸷⸰⸰‱湡楴瘭物獵戮൹ㄊ㜲〮〮ㄮ愠慶瑳挮浯਍㈱⸷⸰⸰‱癡⹧潣൭ㄊ㜲〮〮ㄮ愠灶挮浯਍㈱⸷⸰⸰‱癡⹰畲਍㈱⸷⸰⸰‱癡⹰畲搯睯汮慯⽤਍㈱⸷⸰⸰‱癡杰挮獲⹩祳慭瑮捥挮浯਍㈱⸷⸰⸰‱慢正灵愮杶挮ൺㄊ㜲〮〮ㄮ戠湡潣畧祡煡極⹬潣൭ㄊ㜲〮〮ㄮ戠灣潺慮敳畧慲瘮慩换⹰潣൭ㄊ㜲〮〮ㄮ戠瑩敤敦摮牥挮浯਍㈱⸷⸰⸰‱汣浡癡渮瑥਍㈱⸷⸰⸰‱潣潭潤挮浯਍㈱⸷⸰⸰‱畣瑳浯牥献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ搠獩慰捴⹨捭晡敥挮浯਍㈱⸷⸰⸰‱潤湷潬摡洮慣敦⹥潣൭ㄊ㜲〮〮ㄮ搠睯汮慯⹤業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤洮捩潲潳瑦挮浯਍㈱⸷⸰⸰‱潤湷潬摡ㅳ欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤⸱慫灳牥歳⵹慬獢挮浯瀯潲畤瑣⽳਍㈱⸷⸰⸰‱潤湷潬摡ㅳ欮獡数獲祫氭扡⹳潣⽭灵慤整⽳਍㈱⸷⸰⸰‱潤湷潬摡㉳欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤⸲慫灳牥歳⵹慬獢挮浯瀯潲畤瑣⽳਍㈱⸷⸰⸰‱潤湷潬摡㉳欮獡数獲祫氭扡⹳潣⽭灵慤整⽳਍㈱⸷⸰⸰‱潤湷潬摡㍳欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤⸳慫灳牥歳⵹慬獢挮浯瀯潲畤瑣⽳਍㈱⸷⸰⸰‱潤湷潬摡㍳欮獡数獲祫氭扡⹳潣⽭灵慤整⽳਍㈱⸷⸰⸰‱潤湷潬摡㑳欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤⸴慫灳牥歳⵹慬獢挮浯瀯潲畤瑣⽳਍㈱⸷⸰⸰‱潤湷潬摡㑳欮獡数獲祫氭扡⹳潣⽭灵慤整⽳਍㈱⸷⸰⸰‱潤湷潬摡㕳欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ搠睯汮慯獤⸵慫灳牥歳⵹慬獢挮浯瀯潲畤瑣⽳਍㈱⸷⸰⸰‱潤湷潬摡㕳欮獡数獲祫氭扡⹳潣⽭灵慤整⽳਍㈱⸷⸰⸰‱牤敷⹢潣൭ㄊ㜲〮〮ㄮ攠獭獩景⹴潣൭ㄊ㜲〮〮ㄮ攠敳⹴潣൭ㄊ㜲〮〮ㄮ攠敳⹴潣⽭਍㈱⸷⸰⸰‱獥瑥挮浯搯睯汮慯⽤湩敤⹸桰൰ㄊ㜲〮〮ㄮ攠敳⹴潣⽭潪浯慬യㄊ㜲〮〮ㄮ攠敳⹴潣⽭牰摯捵獴椯摮硥瀮灨਍㈱⸷⸰⸰‱獥瑥攮൳ㄊ㜲〮〮ㄮ映牯楴敮⹴潣൭ㄊ㜲〮〮ㄮ映瀭潲⹴潣൭ㄊ㜲〮〮ㄮ映猭捥牵⹥潣൭ㄊ㜲〮〮ㄮ朠慤慴攮൳ㄊ㜲〮〮ㄮ朠⹯業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ栠捡獫景⹴潣⹭数਍㈱⸷⸰⸰‱歩牡獵愮൴ㄊ㜲〮〮ㄮ欠獡数獲祫挮浯਍㈱⸷⸰⸰‱慫灳牥歳⹹畲਍㈱⸷⸰⸰‱慫灳牥歳⵹慬獢挮浯਍㈱⸷⸰⸰‱楬敶灵慤整献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ氠癩略摰瑡⹥祳慭瑮捥楬敶灵慤整挮浯਍㈱⸷⸰⸰‱慭慣敦⹥潣൭ㄊ㜲〮〮ㄮ洠獡⹴捭晡敥挮浯਍㈱⸷⸰⸰‱捭晡敥挮浯਍㈱⸷⸰⸰‱業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ洠摳⹮業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ洠⵹瑥畲瑳挮浯਍㈱⸷⸰⸰‱敮睴牯慫獳捯慩整⹳潣൭ㄊ㜲〮〮ㄮ渠摯㈳挮浯਍㈱⸷⸰⸰‱潮浲湡挮浯਍㈱⸷⸰⸰‱潮瑲湯挮浯਍㈱⸷⸰⸰‱灮潲整瑣挮浯਍㈱⸷⸰⸰‱慰摮獡捥牵瑩⹹潣൭ㄊ㜲〮〮ㄮ瀠湡慤潳瑦慷敲挮浯਍㈱⸷⸰⸰‱捰潴汯⹳潣൭ㄊ㜲〮〮ㄮ瀠晩献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ瀠晩慭湩献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ爠摡⹳捭晡敥挮浯਍㈱⸷⸰⸰‱楲楳杮札潬慢⹬潣൭ㄊ㜲〮〮ㄮ猠慣湮牥渮癯物獵桴湡獫漮杲਍㈱⸷⸰⸰‱敳畣敲渮楡挮浯਍㈱⸷⸰⸰‱敳畣楲祴敲灳湯敳献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ猠牥楶散⸱祳慭瑮捥挮浯਍㈱⸷⸰⸰‱潳桰獯挮浯਍㈱⸷⸰⸰‱畳扮汥獴景睴牡⹥潣൭ㄊ㜲〮〮ㄮ猠灵潰瑲洮捩潲潳瑦挮浯਍㈱⸷⸰⸰‱祳慭瑮捥挮浯਍㈱⸷⸰⸰‱祳慭瑮捥挮浯甯摰瑡獥਍㈱⸷⸰⸰‱桴敲瑡硥数瑲挮浯਍㈱⸷⸰⸰‱牴湥浤捩潲挮浯਍㈱⸷⸰⸰‱㉵攮敳⹴潣൭ㄊ㜲〮〮ㄮ甠〲攮敳⹴潣൭ㄊ㜲〮〮ㄮ甠⸳獥瑥挮浯਍㈱⸷⸰⸰‱㍵攮敳⹴潣⽭਍㈱⸷⸰⸰‱㑵攮敳⹴潣൭ㄊ㜲〮〮ㄮ甠⸴獥瑥挮浯യㄊ㜲〮〮ㄮ甠⸷獥瑥挮浯਍㈱⸷⸰⸰‱灵慤整愮杶挮浯਍㈱⸷⸰⸰‱灵慤整洮捩潲潳瑦挮浯਍㈱⸷⸰⸰‱灵慤整献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ甠摰瑡獥献浹湡整⹣潣൭ㄊ㜲〮〮ㄮ甠摰瑡獥⸱慫灳牥歳⵹慬獢挮浯਍㈱⸷⸰⸰‱灵慤整㉳欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ甠摰瑡獥⸳慫灳牥歳⵹慬獢挮浯਍㈱⸷⸰⸰‱獵洮慣敦⹥潣൭ㄊ㜲〮〮ㄮ瘠慩换⹰潣൭ㄊ㜲〮〮ㄮ瘠物捳湡漮杲਍㈱⸷⸰⸰‱楶畲扳獵整⹲畨਍㈱⸷⸰⸰‱楶畲汳獩⹴潣൭ㄊ㜲〮〮ㄮ瘠物獵楬瑳爮൵ㄊ㜲〮〮ㄮ瘠物獵捳湡樮瑯楴漮杲਍㈱⸷⸰⸰‱楶畲瑳瑯污挮浯਍㈱⸷⸰⸰‱楷摮睯畳摰瑡⹥業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ眠睷愮湨慬⹢潣൭ㄊ㜲〮〮ㄮ眠睷愮慬摤湩挮浯਍㈱⸷⸰⸰‱睷⹷湡楴楶⹲獥਍㈱⸷⸰⸰‱睷⹷湡楴⹹敮൴ㄊ㜲〮〮ㄮ眠睷愮瑵敨瑮畩⹭潣൭ㄊ㜲〮〮ㄮ眠睷愮慶瑳挮浯਍㈱⸷⸰⸰‱睷⹷癡⹧潣൭ㄊ㜲〮〮ㄮ眠睷愮灶挮浯਍㈱⸷⸰⸰‱睷⹷癡⹰畲਍㈱⸷⸰⸰‱睷⹷癡⹰畲搯睯汮慯⽤਍㈱⸷⸰⸰‱睷⹷楢摴晥湥敤⹲潣൭ㄊ㜲〮〮ㄮ眠睷挮慬慭⹶敮൴ㄊ㜲〮〮ㄮ眠睷挮浯摯⹯潣൭ㄊ㜲〮〮ㄮ眠睷搮睯汮慯⹤捭晡敥挮浯਍㈱⸷⸰⸰‱睷⹷牤敷⹢潣൭ㄊ㜲〮〮ㄮ眠睷攮獭獩景⹴潣൭ㄊ㜲〮〮ㄮ眠睷攮敳⹴潣൭ㄊ㜲〮〮ㄮ眠睷攮敳⹴潣⽭਍㈱⸷⸰⸰‱睷⹷獥瑥挮浯搯睯汮慯⽤湩敤⹸桰൰ㄊ㜲〮〮ㄮ眠睷攮敳⹴潣⽭潪浯慬യㄊ㜲〮〮ㄮ眠睷攮敳⹴潣⽭牰摯捵獴椯摮硥瀮灨਍㈱⸷⸰⸰‱睷⹷潦瑲湩瑥挮浯਍㈱⸷⸰⸰‱睷⹷ⵦ牰瑯挮浯਍㈱⸷⸰⸰‱睷⹷ⵦ敳畣敲挮浯਍㈱⸷⸰⸰‱睷⹷摧
瑡⹡獥਍㈱⸷⸰⸰‱睷⹷牧獩景⹴潣൭ㄊ㜲〮〮ㄮ眠睷椮慫畲⹳瑡਍㈱⸷⸰⸰‱睷⹷慫灳牥歳⹹潣൭ㄊ㜲〮〮ㄮ眠睷欮獡数獲祫爮൵ㄊ㜲〮〮ㄮ眠睷欮獡数獲祫氭扡⹳潣൭ㄊ㜲〮〮ㄮ眠睷洮捡晡敥挮浯਍㈱⸷⸰⸰‱睷⹷捭晡敥挮浯਍㈱⸷⸰⸰‱睷⹷業牣獯景⹴潣൭ㄊ㜲〮〮ㄮ眠睷洮⵹瑥畲瑳挮浯਍㈱⸷⸰⸰‱睷⹷敮睴牯慫獳捯慩整⹳潣൭ㄊ㜲〮〮ㄮ眠睷渮摯㈳挮浯਍㈱⸷⸰⸰‱睷⹷潮浲湡挮浯਍㈱⸷⸰⸰‱睷⹷潮瑲湯挮浯਍㈱⸷⸰⸰‱睷⹷灮潲整瑣挮浯਍㈱⸷⸰⸰‱睷⹷慰摮獡捥牵瑩⹹潣൭ㄊ㜲〮〮ㄮ眠睷瀮湡慤潳瑦慷敲挮浯਍㈱⸷⸰⸰‱睷⹷捰潴汯⹳潣൭ㄊ㜲〮〮ㄮ眠睷爮獩湩ⵧ汧扯污挮浯਍㈱⸷⸰⸰‱睷⹷捳湡敮⹲潮楶畲瑳慨歮⹳牯൧ㄊ㜲〮〮ㄮ眠睷献灯潨⹳潣൭ㄊ㜲〮〮ㄮ眠睷献湵敢瑬潳瑦慷敲挮浯਍㈱⸷⸰⸰‱睷⹷祳慭瑮捥挮浯਍㈱⸷⸰⸰‱睷⹷祳慭瑮捥挮浯甯摰瑡獥਍㈱⸷⸰⸰‱睷⹷牴湥浤捩潲挮浯਍㈱⸷⸰⸰‱睷⹷楶獲慣⹮牯൧ㄊ㜲〮〮ㄮ眠睷瘮物獵楬瑳挮浯਍㈱⸷⸰⸰‱睷⹷楶畲汳獩⹴畲਍㈱⸷⸰⸰‱睷⹷楶畲獳慣⹮潪瑴⹩牯൧ㄊ㜲〮〮ㄮ眠睷瘮物獵潴慴⹬潣൭ㄊ㜲〮〮ㄮ眠睷眮湩潤獷灵慤整洮捩潲潳瑦挮浯਍
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MMTray] C:\Windows\System32\MMTray.exe (Morgan Multimedia)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [Steam] E:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [Windows Defense Service] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Gian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Gian\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 20:04:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/22 20:04:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTM.exe
[2011/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/22 17:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/22 17:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/22 17:27:52 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gian\Desktop\tdsskiller.exe
[2011/02/19 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\BarcelonaHome
[2011/02/13 16:24:55 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\JuventusHome
[2011/02/13 15:47:37 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\BrazilHome
[2011/02/13 15:31:55 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\FranceHome
[2011/02/13 15:26:07 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\shell
[2011/02/13 15:04:06 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\nike_brasil_020111
[2011/02/13 15:03:03 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Local\SourceTec
[2011/02/13 15:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011/02/13 15:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/02/13 15:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2011/02/13 14:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Pro CS5
[2011/02/13 14:14:05 | 001,228,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Gian\FlashPro_11_LS1.exe
[2011/02/11 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Graphic Studio
[2011/02/11 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Game Graphic Studio
[2011/02/11 17:27:57 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/11 17:27:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/11 17:27:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/11 17:27:51 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/11 17:27:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/11 17:27:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/11 17:27:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/11 17:27:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/11 17:27:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/11 17:27:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/11 17:27:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/11 17:27:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/11 17:27:48 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/11 17:27:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/11 17:27:47 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/11 17:27:46 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/11 17:27:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/11 17:27:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/11 17:27:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/11 17:27:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/11 17:27:38 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/05 21:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/05 21:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/05 20:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/05 20:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/05 20:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/26 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/01/26 13:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/01/26 13:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/01/26 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/25 18:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2011 Patch
[2011/01/25 18:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2011/01/25 18:13:28 | 000,000,000 | ---D | C] -- C:\Users\Gian\Favorites\Documents\KONAMI

========== Files - Modified Within 30 Days ==========

[2011/02/22 20:12:27 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe
[2011/02/22 20:11:12 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/02/22 20:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/22 20:06:55 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/22 20:04:04 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTM.exe
[2011/02/22 18:16:26 | 000,624,128 | ---- | M] () -- C:\Users\Gian\Desktop\dds(2).scr
[2011/02/22 17:39:20 | 000,721,253 | ---- | M] () -- C:\Users\Gian\Desktop\rkill.com
[2011/02/22 17:27:50 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gian\Desktop\tdsskiller.exe
[2011/02/22 17:17:45 | 410,303,424 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/22 16:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/22 16:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000UA.job
[2011/02/22 13:50:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/22 13:39:52 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/22 13:39:52 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/22 13:34:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/21 19:32:06 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000Core.job
[2011/02/21 16:58:56 | 000,002,295 | ---- | M] () -- C:\Users\Gian\.recently-used.xbel
[2011/02/21 12:57:46 | 000,003,304 | ---- | M] () -- C:\Users\Gian\south africa.eps
[2011/02/20 11:30:38 | 004,095,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/19 22:51:38 | 000,352,091 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\BarcelonaHome.swf
[2011/02/17 23:11:57 | 000,067,584 | ---- | M] () -- C:\Users\Gian\Time Management For ALL NEW cadets 2009.doc
[2011/02/13 16:24:06 | 000,344,332 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\JuventusHome.swf
[2011/02/13 15:44:57 | 000,027,307 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\BrazilHome.swf
[2011/02/13 15:31:30 | 000,020,001 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\FranceHome.swf
[2011/02/13 15:30:45 | 000,049,922 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\VictoryNeue.swf
[2011/02/13 15:23:46 | 000,049,929 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\shell.swf
[2011/02/13 15:02:59 | 000,001,112 | ---- | M] () -- C:\Users\Gian\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2011/02/13 14:35:43 | 001,228,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Gian\FlashPro_11_LS1.exe
[2011/02/13 14:35:41 | 898,984,124 | ---- | M] () -- C:\Users\Gian\FlashPro_11_LS1.7z
[2011/02/12 22:31:09 | 000,082,384 | ---- | M] () -- C:\Users\Gian\REALMADRID2011.ttf
[2011/02/11 23:20:32 | 000,000,746 | ---- | M] () -- C:\Users\Gian\Desktop\NBA 2k11 by TPTB.lnk
[2011/02/11 22:33:50 | 000,002,225 | ---- | M] () -- C:\Users\Gian\Desktop\Google Chrome.lnk
[2011/02/11 22:33:50 | 000,002,102 | ---- | M] () -- C:\Users\Gian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/05 22:12:23 | 000,038,823 | ---- | M] () -- C:\Users\Gian\Premier League.svg
[2011/02/05 20:52:48 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/02/03 00:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/01 18:17:34 | 000,010,037 | ---- | M] () -- C:\Users\Gian\Favorites\Documents\98.docx

========== Files Created - No Company Name ==========

[2011/02/22 20:10:08 | 000,133,632 | ---- | C] () -- C:\Users\Gian\Desktop\RKUnhookerLE.EXE
[2011/02/22 20:09:37 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/02/22 18:22:55 | 000,296,448 | ---- | C] () -- C:\Users\Gian\Desktop\gmer.exe
[2011/02/22 18:16:26 | 000,624,128 | ---- | C] () -- C:\Users\Gian\Desktop\dds(2).scr
[2011/02/22 17:39:24 | 000,721,253 | ---- | C] () -- C:\Users\Gian\Desktop\rkill.com
[2011/02/22 17:17:45 | 410,303,424 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/21 16:58:56 | 000,002,295 | ---- | C] () -- C:\Users\Gian\.recently-used.xbel
[2011/02/21 12:57:46 | 000,003,304 | ---- | C] () -- C:\Users\Gian\south africa.eps
[2011/02/19 22:51:36 | 000,352,091 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\BarcelonaHome.swf
[2011/02/13 16:24:05 | 000,344,332 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\JuventusHome.swf
[2011/02/13 15:44:57 | 000,027,307 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\BrazilHome.swf
[2011/02/13 15:31:30 | 000,020,001 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\FranceHome.swf
[2011/02/13 15:30:44 | 000,049,922 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\VictoryNeue.swf
[2011/02/13 15:23:46 | 000,049,929 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\shell.swf
[2011/02/13 15:02:59 | 000,001,112 | ---- | C] () -- C:\Users\Gian\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2011/02/13 14:56:36 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CS5.lnk
[2011/02/13 14:55:30 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2011/02/13 14:53:24 | 000,001,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2011/02/13 14:14:06 | 898,984,124 | ---- | C] () -- C:\Users\Gian\FlashPro_11_LS1.7z
[2011/02/12 22:31:02 | 000,082,384 | ---- | C] () -- C:\Users\Gian\REALMADRID2011.ttf
[2011/02/11 23:20:32 | 000,000,746 | ---- | C] () -- C:\Users\Gian\Desktop\NBA 2k11 by TPTB.lnk
[2011/02/05 22:12:23 | 000,038,823 | ---- | C] () -- C:\Users\Gian\Premier League.svg
[2011/02/01 18:17:32 | 000,010,037 | ---- | C] () -- C:\Users\Gian\Favorites\Documents\98.docx
[2011/01/16 00:14:47 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/18 20:34:56 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/11/10 16:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Gian\AppData\Local\AutobahnAcceleratorInstall.txt
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/03/12 14:02:21 | 000,008,704 | ---- | C] () -- C:\Users\Gian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 21:19:29 | 000,000,768 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/01/11 18:08:06 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/11 18:08:06 | 000,138,056 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\PnkBstrK.sys
[2009/10/10 20:53:25 | 000,001,086 | ---- | C] () -- C:\Windows\AZPR3.INI
[2009/10/04 14:29:31 | 000,000,139 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\default.rss
[2009/10/03 22:19:18 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/09/26 17:54:51 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SyncBackPro.dll
[2009/09/25 19:42:16 | 000,000,296 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/09/21 21:26:51 | 000,000,639 | ---- | C] () -- C:\Windows\M3JPEG.INI
[2009/09/21 21:23:50 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/21 21:23:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/21 21:18:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/21 20:41:13 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:24:44 | 000,003,584 | ---- | C] () -- C:\Windows\System32\k.dll
[2009/05/27 04:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009/02/18 21:15:02 | 000,000,344 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\wklnhst.dat
[2009/01/31 20:17:51 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/04/10 16:33:21 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2007/12/01 14:48:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/01 14:48:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Gian\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Edited by SweetTech, 22 February 2011 - 08:22 PM.
removed code boxes--ST


#8 SweetTech (Agent ST)

Posted 22 February 2011 - 08:23 PM

Okay, I'm reviewing your OTL log right now. For future logs, it'd be helpful if you did not put them in [code] tags.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 SweetTech (Agent ST)

Posted 22 February 2011 - 08:29 PM

Hello Dekabreak,

Please download and run the following tool.


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    FF - prefs.js..network.proxy.http: "212.138.84.62"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.type: 0
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [Windows Defense Service] File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-324557414-659355397-3272978054-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    @Alternate Data Stream - 143 bytes -> C:\Users\Gian\AppData\Roaming\default.rss:OECustomProperty
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

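Added example, not OTL's or the forum helpers' own code: a small Python triage pass over OTL-style log lines that flags the same entry types the fix script above removes (the Firefox proxy prefs, orphaned BHO and Run entries, IE Control Panel policies, alternate data streams) plus the weak UAC policy values visible in the O6 lines of the log. The sample lines are copied from the log posted in this thread; the finding categories and the "active vs. inactive proxy" classification are this example's own assumptions.

```python
"""Triage pass over OTL-style log lines like the ones posted in this thread.

Added example, not OTL's or the forum helpers' own code. It recognises the
entry types that the fix script above targets (Firefox proxy prefs, orphaned
O2 BHOs and O4 Run entries, O6 UAC policies, O7 IE Control Panel policies,
alternate data streams) and returns the findings a reviewer would read first.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, human-readable detail)

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
FF - prefs.js..network.proxy.http: "212.138.84.62"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-21-324557414-659355397-3272978054-1000..\Run: [Windows Defense Service] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 143 bytes -> C:\Users\Gian\AppData\Roaming\default.rss:OECustomProperty
"""

# One pattern per OTL line type; the capture groups are used in triage().
RE_FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): "?([^"]+)"?$')
RE_O2_ORPHAN = re.compile(r'^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$')
RE_O4_MISSING = re.compile(r'^O4 - (.+?)\.\.\\Run: \[([^\]]+)\] File not found$')
RE_O6_UAC = re.compile(r'^O6 - HKLM\\.*\\policies\\System: (\w+) = (\d+)$')
RE_O7_IE_CP = re.compile(
    r'^O7 - (HKU\\[^\\]+)\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present$')
RE_ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')

# UAC policy values (O6 lines) that weaken or disable elevation prompts.
WEAK_UAC: Dict[str, str] = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate with no prompt at all
    "PromptOnSecureDesktop": "0",       # prompt shown on the normal, non-secure desktop
}
PROXY_TYPE_MANUAL = "1"  # Firefox network.proxy.type: 0 = no proxy, 1 = manual


def describe_proxy(host: str, port: str, proxy_type: str) -> str:
    """Say whether a Firefox HTTP proxy pref points at a public address and whether it is in use."""
    try:
        public = ipaddress.ip_address(host).is_global
    except ValueError:
        public = True  # a hostname rather than an IP: treat as external until checked
    where = "public" if public else "private/local"
    if proxy_type == PROXY_TYPE_MANUAL:
        state = "ACTIVE"
    else:
        state = f"configured but inactive (type={proxy_type})"
    return f"HTTP proxy {host}:{port} ({where} address), {state}"


def triage(log_text: str) -> List[Finding]:
    """Return (category, detail) findings for the suspicious line types above."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}  # collected FF proxy prefs, judged after the loop

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_FF_PROXY.match(line):
            proxy[m.group(1)] = m.group(2)
        elif m := RE_O2_ORPHAN.match(line):
            findings.append(("orphan_bho", f"BHO {m.group(1)} registered but its CLSID is missing"))
        elif m := RE_O4_MISSING.match(line):
            findings.append(("orphan_run", f"{m.group(1)} Run entry [{m.group(2)}] points to a missing file"))
        elif (m := RE_O6_UAC.match(line)) and WEAK_UAC.get(m.group(1)) == m.group(2):
            findings.append(("weak_uac", f"{m.group(1)} = {m.group(2)}"))
        elif m := RE_O7_IE_CP.match(line):
            findings.append(("ie_policy", f"IE Control Panel restriction present under {m.group(1)}"))
        elif m := RE_ADS.match(line):
            findings.append(("ads", f"stream {m.group(3)} ({m.group(1)} bytes) on {m.group(2)}"))

    # A proxy host is only meaningful once http_port and type are known as well.
    if "http" in proxy:
        detail = describe_proxy(proxy["http"], proxy.get("http_port", "?"), proxy.get("type", "0"))
        findings.append(("ff_proxy", detail))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:<10} {detail}")
```

Note that the proxy host in this log is paired with network.proxy.type 0, so Firefox was not actually using it at the time of the scan; the pass reports it as configured but inactive rather than as a live redirect.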


#10 Dekabreak (Topic Starter)

Posted 22 February 2011 - 09:05 PM

Here's the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5848

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/22/2011 9:04:02 PM
mbam-log-2011-02-22 (21-04-02).txt

Scan type: Quick scan
Objects scanned: 170625
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.

Here's the OTL log:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "212.138.84.62" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-324557414-659355397-3272978054-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cleansweep.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-324557414-659355397-3272978054-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defense Service deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-324557414-659355397-3272978054-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
ADS C:\Users\Gian\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gian\Desktop\cmd.bat deleted successfully.
C:\Users\Gian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37488 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37197183 bytes
->Google Chrome cache emptied: 6313150 bytes
->Flash cache emptied: 12737 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1686 bytes
RecycleBin emptied: 133632 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gian
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02222011_204943


I forgot to say this, but I'm running in Safe Mode because probably the rootkit caused my computer to BSOD.

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:00 PM

Posted 22 February 2011 - 09:11 PM

Hello,

I forgot to say this, but I'm running in Safe Mode because probably the rootkit caused my computer to BSOD.

Okay.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • Local time:06:00 PM

Posted 22 February 2011 - 09:41 PM

ComboFix 11-02-22.01 - Gian 02/22/2011 21:24:01.3.4 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2153 [GMT -5:00]
Running from: c:\users\Gian\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Gian\greenpois0n.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 02:32 . 2011-02-23 02:34 -------- d-----w- c:\users\Gian\AppData\Local\temp
2011-02-23 02:32 . 2011-02-23 02:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-23 02:32 . 2011-02-23 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 02:32 . 2011-02-23 02:32 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-02-23 01:49 . 2011-02-23 01:49 -------- d-----w- C:\_OTL
2011-02-23 01:09 . 2011-02-23 01:11 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-02-23 01:04 . 2011-02-23 01:04 -------- d-----w- C:\_OTM
2011-02-22 22:49 . 2011-02-22 22:49 -------- d-----w- c:\users\Gian\AppData\Roaming\SUPERAntiSpyware.com
2011-02-22 22:49 . 2011-02-22 22:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-22 22:42 . 2011-02-22 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-22 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49F1AC37-68EB-4DC2-A69C-A5189B049EFF}\mpengine.dll
2011-02-13 20:03 . 2011-02-13 20:03 -------- d-----w- c:\users\Gian\AppData\Local\SourceTec
2011-02-13 20:02 . 2011-02-13 20:02 -------- d-----w- c:\program files\Common Files\SourceTec
2011-02-13 20:02 . 2011-02-13 20:02 -------- d-----w- c:\program files\SourceTec
2011-02-13 19:36 . 2011-02-13 19:38 -------- d-----w- c:\program files\Flash Pro CS5
2011-02-13 19:14 . 2011-02-13 19:35 1228424 ----a-w- c:\users\Gian\FlashPro_11_LS1.exe
2011-02-11 23:39 . 2011-02-11 23:39 -------- d-----w- c:\program files\Game Graphic Studio
2011-02-06 02:00 . 2011-02-06 02:00 -------- d-----w- c:\program files\iPod
2011-02-06 02:00 . 2011-02-06 02:01 -------- d-----w- c:\program files\iTunes
2011-02-06 01:57 . 2011-02-06 01:57 -------- d-----w- c:\program files\Bonjour
2011-01-26 18:25 . 2011-01-26 18:25 -------- d-----w- c:\programdata\ATI
2011-01-26 18:23 . 2011-01-26 18:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-25 23:15 . 2011-01-25 23:15 -------- d-----w- c:\programdata\KONAMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 08:01 . 2010-01-11 23:08 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-09 08:01 . 2010-01-11 23:07 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-09 08:00 . 2010-01-12 00:56 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-09 08:00 . 2010-01-11 23:07 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-08 05:12 . 2010-01-11 23:08 138056 ----a-w- c:\users\Gian\AppData\Roaming\PnkBstrK.sys
2011-01-08 05:11 . 2010-01-28 23:59 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-20 23:09 . 2010-05-31 18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-05-31 18:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 23:51 . 2010-12-14 23:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 23:51 . 2010-12-14 23:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-27 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-07-27 14:40 2515552 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-27 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-27 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\Gian\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-08 133104]
"Steam"="e:\games\Steam\steam.exe" [2010-11-16 1242448]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"MMTray"="MMTray.exe" [2001-11-09 53248]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"OTL"="c:\users\Gian\Desktop\OTL.exe" [2011-02-23 577024]

c:\users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\users\Gian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-4-2 802056]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
WeGame.lnk - c:\program files\WeGame\wegame.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S??d, ?de ??d g? o?tr?l?? !!! !!! !]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca1f43cfd1aa98;Google Update Service (gupdate1ca1f43cfd1aa98);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 133104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
R3 Normandy;Normandy SR2; [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-06-22 139904]
R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [2010-01-21 19840]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2007-05-15 42496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]


--- Other Services/Drivers In Memory ---

*Deregistered* - SCDEmu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 14:05]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 14:05]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 14:05]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000Core.job
- c:\users\Gian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 01:07]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324557414-659355397-3272978054-1000UA.job
- c:\users\Gian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 01:07]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\bgd3m9d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Ext: Embedded Objects: firefox@red-cog.com - %profile%\extensions\firefox@red-cog.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-BrainBread_is1 - c:\program files\steam\steamapps\dekabreak101\half-life\unins000.exe
AddRemove-CamStudio - c:\program files\CamStudio\uninstall.exe
AddRemove-Doomsday Engine_is1 - c:\users\Gian\Desktop\DOOMY\Doomsday\unins000.exe
AddRemove-Half-Life 2: Jaykin' Bacon Source - c:\program files\Steam\steamapps\dekabreak101\half-life\UninstallHL2JKS.exe
AddRemove-Steam App 100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 10090 - c:\program files\Steam\steam.exe
AddRemove-Steam App 10180 - c:\program files\Steam\steam.exe
AddRemove-Steam App 10190 - c:\program files\Steam\steam.exe
AddRemove-Steam App 1200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 1280 - c:\program files\Steam\steam.exe
AddRemove-Steam App 12910 - c:\program files\Steam\steam.exe
AddRemove-Steam App 13210 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17570 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 2620 - c:\program files\Steam\steam.exe
AddRemove-Steam App 2630 - c:\program files\Steam\steam.exe
AddRemove-Steam App 300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 302 - c:\program files\Steam\steam.exe
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe
AddRemove-Steam App 340 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3483 - c:\program files\Steam\steam.exe
AddRemove-Steam App 360 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3830 - c:\program files\Steam\steam.exe
AddRemove-Steam App 39000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 410 - c:\program files\Steam\steam.exe
AddRemove-Steam App 42700 - c:\program files\Steam\steam.exe
AddRemove-Steam App 42710 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6060 - c:\program files\Steam\steam.exe
AddRemove-Steam App 630 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8840 - c:\program files\Steam\steam.exe
AddRemove-Zombie Panic!_is1 - c:\program files\steam\steamapps\dekabreak101\half-life\unins001.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Gian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1636)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2011-02-22 21:39:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 02:39
ComboFix2.txt 2010-05-31 17:37
ComboFix3.txt 2010-05-31 17:05

Pre-Run: 152,932,110,336 bytes free
Post-Run: 155,937,697,792 bytes free

- - End Of File - - BE77ED9064E00AE00AAB4BBECD33E525


Is it okay to go to full Win7 mode?

#13 Dekabreak

Dekabreak
  • Topic Starter

  • Members
  • 30 posts
  • Local time:06:00 PM

Posted 22 February 2011 - 10:22 PM

Looks like the redirecting problem is gone...

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:00 PM

Posted 23 February 2011 - 12:36 PM

Dekabreak,

Is it okay to go to full Win7 mode?


Yes, you should be able to access Normal mode now.

We will run a few additional scans to ensure we've gotten it all.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:00 PM

Posted 26 February 2011 - 12:17 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
