Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus


  • This topic is locked This topic is locked
14 replies to this topic

#1 EXEUNT

EXEUNT

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 April 2011 - 10:43 AM

Hello,

I'm hoping someone can help. My comp has been infected by some kind of redirect virus, so when I click on legitimate links I'm redirected to spam sites. It has also interfered with some of the .exe files I've attempted to run. In addition it's been playing with my network connection.

I'm afraid I haven't been very systematic in trying to combat this, a panic and throw-everything-I-can-at-it approach, vaguely hoping it will all go away - erk!

I've run my priorly installed malwarebytes and SpybotS&D (which managed to update their databases) and they threw up a few things which I clicked to fix.

I ran CC Cleaner on the registry and all the caches. I restored my registry with Little Registry Cleaner.

I managed to run TDSSKiller and it got rid of a couple of things, but now comes up clean.

I'm afraid I ran Combofix. At first it was giving me a "CFS Script name error" but I borrowed some code off a forum for a fix.bat and managed to run it. I deleted the suspicious files (!).

The same renaming trick didn't help with Hitman Pro which gives the error "not a valid Win 32 application". Rootkit Unhooker similarly returns an "Error Loading Driver, NTSSTATUS code: C000036B" and refuses to run, and Icesword brings up "Initialise failed[1]".

I thought I might try something from the router-end, so I reset to factory settings and newly configured my network name and security. I also flushed the DNS. After that I connected a few times successfully, but shortly after it began giving me limited access and the message "no network identified". Rebooting the router has got me back online for now.

I also ran Hijack This but can't left it alone.

So that's where I'm haphazardly and stumpedly at. It's a virulent horrible user experience, and I'm freaking out about it infecting other drives. If someone could help I would be eternally grateful.

---

*update*

I no longer appear to be getting the redirect, which is good news (I think malwarebytes worked here). I still wary of my networks connection/router, and those .exe's still appear to be compromised, so I guess it's likely there are still things lurking.

---

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by DBY at 16:09:17.61 on 26/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.2736 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DBY\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56525
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {074c1dc5-9320-4a9a-947d-c042949c6216} - ContributeBHO Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} -
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\DBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56525
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\DBY\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-20 55280]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2010-6-19 16384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-19 20968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-4 131688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-1-13 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 FoxAwdWINFLASH64;FoxAwdWINFLASH64;C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FoxAwdWINFLASH64.sys [2010-3-29 17808]
S3 FXDrv32;FXDrv32;C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys [2010-3-29 32024]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\Sandra Lite 2010\RpcAgentSrv.exe [2010-3-29 93848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]
.
=============== Created Last 30 ================
.
2011-04-26 14:26:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-26 07:02:22 6611280 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-04-26 07:02:17 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{81C57CA7-6A09-4E2B-9536-C43D025BE018}\mpengine.dll
2011-04-26 05:49:51 -------- d-----w- C:\PROGRA~3\MFAData
2011-04-26 05:26:54 388608 ----a-w- C:\HijackThis.exe
2011-04-26 05:17:06 95744 ----a-w- C:\rku37300509.exe
2011-04-26 05:11:58 143 ----a-w- C:\fix.bat
2011-04-26 04:53:50 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2011-04-26 04:48:00 98816 ----a-w- C:\Windows\sed.exe
2011-04-26 04:48:00 89088 ----a-w- C:\Windows\MBR.exe
2011-04-26 04:48:00 256512 ----a-w- C:\Windows\PEV.exe
2011-04-26 04:48:00 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-26 04:42:29 4330054 ----a-r- C:\ComboFix.exe
2011-04-26 04:30:18 0 ----a-w- C:\HitmanPro35_x64.exe
2011-04-26 04:01:02 -------- d-----w- C:\Program Files\iTunes
2011-04-26 04:01:02 -------- d-----w- C:\Program Files\iPod
2011-04-26 04:01:02 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-26 03:59:24 -------- d-----w- C:\Program Files\Bonjour
2011-04-26 02:36:49 -------- d-----w- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
2011-04-26 02:36:15 6144 ----a-w- C:\Windows\System32\ff_acm.acm
2011-04-26 02:36:15 60273 ----a-w- C:\Windows\System32\pthreadGC2.dll
2011-04-26 02:36:15 57344 ----a-w- C:\Windows\System32\ff_vfw.dll
2011-04-26 02:36:15 258352 ----a-w- C:\Windows\System32\unicows.dll
2011-04-26 02:36:14 98304 ----a-w- C:\Windows\System32\L3CODECX.AX
2011-04-26 02:36:14 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
2011-04-26 02:36:14 348160 ----a-w- C:\Windows\System32\MSVCR71.DLL
2011-04-26 02:36:14 1060864 ----a-w- C:\Windows\System32\MFC71.DLL
2011-04-26 02:36:13 -------- d-----w- C:\Program Files\Cucusoft
2011-04-14 23:21:11 -------- d-----w- C:\Users\DBY\AppData\Local\AirVideoServer
2011-04-14 23:20:59 -------- d-----w- C:\jexepackres
2011-04-14 23:20:53 -------- d-----w- C:\Program Files (x86)\AirVideoServer
2011-04-08 21:51:49 -------- d-----w- C:\Users\DBY\AppData\Roaming\GetRightToGo
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-04 17:40:04 -------- d-----w- C:\OkiDriver
2011-04-04 14:53:19 -------- d-----w- C:\Program Files (x86)\kBilling
.
==================== Find3M ====================
.
2011-02-18 15:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 15:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 17:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:09:32.59 ===============

Edited by EXEUNT, 26 April 2011 - 11:01 AM.


BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 03 May 2011 - 07:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 04 May 2011 - 02:55 PM

Thanks so much for getting back. Don't know whether the GMER log is going to be too useful as I'm on a 64bit OS, but have attached it as instructed. DDS to follow:


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by DBY at 19:56:47.94 on 04/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.2429 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DBY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DBY\Desktop\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56525
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {074c1dc5-9320-4a9a-947d-c042949c6216} - ContributeBHO Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} -
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
uRun: [Google Update] "C:\Users\DBY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\DBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56525
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\DBY\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-20 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-26 600920]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-4-26 287064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-5-4 254528]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2010-6-19 16384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-26 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-26 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-26 42184]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-19 20968]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-4-25 1771336]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-3-8 341832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-4 131688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-1-13 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 FoxAwdWINFLASH64;FoxAwdWINFLASH64;C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FoxAwdWINFLASH64.sys [2010-3-29 17808]
S3 FXDrv32;FXDrv32;C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys [2010-3-29 32024]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\Sandra Lite 2010\RpcAgentSrv.exe [2010-3-29 93848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]
.
=============== Created Last 30 ================
.
2011-05-04 09:04:57 -------- d-----w- C:\FM Genie Scout 11
2011-05-04 04:43:25 -------- d-----w- C:\Users\DBY\AppData\Local\Sports Interactive
2011-05-04 04:23:48 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-05-04 04:23:39 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-05-03 14:08:28 -------- d-----w- C:\PROGRA~3\Splashtop
2011-05-03 14:08:04 -------- d-----w- C:\Program Files (x86)\Splashtop
2011-05-03 14:07:11 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
2011-04-26 15:54:52 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-04-26 15:54:51 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-26 15:53:59 40112 ----a-w- C:\Windows\avastSS.scr
2011-04-26 15:53:54 -------- d-----w- C:\Program Files\AVAST Software
2011-04-26 15:53:54 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-04-26 14:26:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-26 07:02:22 6611280 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-04-26 07:02:17 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{81C57CA7-6A09-4E2B-9536-C43D025BE018}\mpengine.dll
2011-04-26 05:49:51 -------- d-----w- C:\PROGRA~3\MFAData
2011-04-26 05:26:54 388608 ----a-w- C:\HijackThis.exe
2011-04-26 05:17:06 95744 ----a-w- C:\rku37300509.exe
2011-04-26 05:11:58 143 ----a-w- C:\fix.bat
2011-04-26 04:53:50 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2011-04-26 04:48:00 98816 ----a-w- C:\Windows\sed.exe
2011-04-26 04:48:00 89088 ----a-w- C:\Windows\MBR.exe
2011-04-26 04:48:00 256512 ----a-w- C:\Windows\PEV.exe
2011-04-26 04:48:00 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-26 04:42:29 4330054 ----a-r- C:\ComboFix.exe
2011-04-26 04:30:18 0 ----a-w- C:\HitmanPro35_x64.exe
2011-04-26 04:01:02 -------- d-----w- C:\Program Files\iTunes
2011-04-26 04:01:02 -------- d-----w- C:\Program Files\iPod
2011-04-26 04:01:02 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-26 03:59:24 -------- d-----w- C:\Program Files\Bonjour
2011-04-26 02:36:49 -------- d-----w- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
2011-04-26 02:36:15 6144 ----a-w- C:\Windows\System32\ff_acm.acm
2011-04-26 02:36:15 60273 ----a-w- C:\Windows\System32\pthreadGC2.dll
2011-04-26 02:36:15 57344 ----a-w- C:\Windows\System32\ff_vfw.dll
2011-04-26 02:36:15 258352 ----a-w- C:\Windows\System32\unicows.dll
2011-04-26 02:36:14 98304 ----a-w- C:\Windows\System32\L3CODECX.AX
2011-04-26 02:36:14 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
2011-04-26 02:36:14 348160 ----a-w- C:\Windows\System32\MSVCR71.DLL
2011-04-26 02:36:14 1060864 ----a-w- C:\Windows\System32\MFC71.DLL
2011-04-26 02:36:13 -------- d-----w- C:\Program Files\Cucusoft
2011-04-14 23:21:11 -------- d-----w- C:\Users\DBY\AppData\Local\AirVideoServer
2011-04-14 23:20:59 -------- d-----w- C:\jexepackres
2011-04-14 23:20:53 -------- d-----w- C:\Program Files (x86)\AirVideoServer
2011-04-08 21:51:49 -------- d-----w- C:\Users\DBY\AppData\Roaming\GetRightToGo
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
==================== Find3M ====================
.
2011-02-18 15:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 15:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 19:57:05.42 ===============

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 06 May 2011 - 05:06 AM

Hello EXEUNT ! Welcome to BleepingComputer Forums! :welcome:


My name is Georgi and and I will be helping you with your computer problems.


Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Please do not run any tools on your own ! These tools are not a toy and not for everyday use. You can easily misunderstand the results of the scan that can cause you to make mistakes that could render your PC unusable.



:step1:



Please download Malwarebytes Anti-Malware 1.50.1 Final and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



:step2:



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



:step3:



We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.Posted Image
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\AppData\*.*
    %USERPROFILE%\My Documents\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Please include the following logs in your next reply:

  • MBAM log
  • ASWmbr.txt
  • OTL.txt and Extra.txt



Regards,
Georgi

cXfZ4wS.png


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 09 May 2011 - 10:20 AM

Hi EXEUNT,



It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 48 hours.



Regards,
Georgi

cXfZ4wS.png


#6 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 09 May 2011 - 03:04 PM

Hi Georgi, sorry about the slow reply - will endeavour to respond much more swiftly in future. Here are the log files. Good luck with deciphering them. Thanks for this. John.

-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6540

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/05/2011 20:46:50
mbam-log-2011-05-09 (20-46-50).txt

Scan type: Quick scan
Objects scanned: 167435
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 20:47:42
-----------------------------
20:47:42.017 OS Version: Windows x64 6.1.7600
20:47:42.017 Number of processors: 3 586 0x402
20:47:42.018 ComputerName: DBY-PC UserName: DBY
20:47:42.709 Initialize success
20:48:02.212 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:48:02.213 Disk 0 Vendor: WDC_WD3200SD-01KNB0 08.05J08 Size: 305244MB BusType: 3
20:48:02.218 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:48:02.219 Disk 1 Vendor: WDC_WD2500JB-19GVA0 08.02D08 Size: 238475MB BusType: 3
20:48:02.234 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
20:48:02.235 Disk 2 Vendor: ExcelStor_Technology_J8160S P22OA50U Size: 157065MB BusType: 3
20:48:04.272 Disk 2 MBR read successfully
20:48:04.274 Disk 2 MBR scan
20:48:04.276 Disk 2 Windows 7 default MBR code
20:48:04.278 Service scanning
20:48:05.744 Disk 2 trace - called modules:
20:48:05.755 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:48:05.758 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004919060]
20:48:05.760 3 CLASSPNP.SYS[fffff880018eb43f] -> nt!IofCallDriver -> [0xfffffa8004765580]
20:48:05.764 5 ACPI.sys[fffff88000e37781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8004768060]
20:48:05.767 Scan finished successfully
20:48:24.956 Disk 2 MBR has been saved successfully to "C:\Users\DBY\Desktop\MBR.dat"
20:48:24.960 The log file has been saved successfully to "C:\Users\DBY\Desktop\aswMBR.txt"

-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

OTL logfile created on: 09/05/2011 20:49:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DBY\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.38 Gb Total Space | 19.28 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.08 Gb Total Space | 12.64 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive F: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 1008.67 Mb Total Space | 604.86 Mb Free Space | 59.97% Space Free | Partition Type: FAT
Drive H: | 931.28 Gb Total Space | 165.01 Gb Free Space | 17.72% Space Free | Partition Type: FAT32
Drive R: | 232.88 Gb Total Space | 121.06 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: DBY-PC | User Name: DBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
PRC - [2011/05/09 20:43:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\DBY\Desktop\aswMBR.exe
PRC - [2011/05/07 04:27:52 | 033,486,152 | ---- | M] (Sports Interactive) -- C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
PRC - [2011/04/25 13:57:56 | 001,771,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/04/25 13:57:42 | 002,190,152 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/08 03:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/09/22 02:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/10 21:57:14 | 007,201,280 | ---- | M] (NewsGator Technologies, Inc.) -- C:\Program Files (x86)\FeedDemon\FeedDemon.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/02 17:44:30 | 000,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/25 13:57:56 | 001,771,336 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/08 03:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/01/13 16:32:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/07/29 15:48:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/04 05:23:48 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/18 18:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/06/21 23:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/19 19:14:50 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/03/18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/03/18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2010\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/04/26 16:28:37 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2010/08/16 00:56:20 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007/06/13 06:50:26 | 000,017,808 | ---- | M] (Foxconn ® Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FoxAwdWINFLASH64.sys -- (FoxAwdWINFLASH64)
DRV - [2007/02/07 19:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/12/08 10:46:00 | 000,032,024 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys -- (FXDrv32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 3E F2 5E 05 19 CB 01 [binary data]
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56525

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56525
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/26 16:54:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/27 00:31:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/27 00:31:14 | 000,000,000 | ---D | M]

[2010/08/21 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Extensions
[2010/08/21 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/26 18:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\extensions
[2011/03/12 18:13:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/26 18:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/27 00:31:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/21 15:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/04 05:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 20:00:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/26 16:54:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/03/27 00:31:13 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/27 00:31:13 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/27 00:31:13 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/09/23 02:51:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/23 02:51:10 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/23 02:51:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/23 02:51:10 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/23 02:51:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/23 02:51:10 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/23 02:51:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/23 02:51:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/26 06:37:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [Google Update] C:\Users\DBY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/26 06:12:27 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/06/16 18:53:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 13:57:50 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010/10/05 15:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/02/20 05:17:38 | 000,000,029 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/14 16:57:52 | 000,000,766 | -H-- | M] () - H:\autorun.ico -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - R:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^DBY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe - ()
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\DBY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

========== Files/Folders - Created Within 90 Days ==========

[2011/05/09 20:43:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
[2011/05/09 20:43:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\DBY\Desktop\aswMBR.exe
[2011/05/09 20:39:30 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DBY\Desktop\mbam-setup.exe
[2011/05/08 01:12:16 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\fwdchekhovinhellphotos
[2011/05/08 00:49:03 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\fwdproductionimages
[2011/05/07 20:59:12 | 000,000,000 | ---D | C] -- C:\FMRTE
[2011/05/04 20:10:36 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\jailbreak
[2011/05/04 20:09:46 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\fm
[2011/05/04 10:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 11
[2011/05/04 10:04:57 | 000,000,000 | ---D | C] -- C:\FM Genie Scout 11
[2011/05/04 05:43:25 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Local\Sports Interactive
[2011/05/04 05:23:48 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/04 05:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/05/04 05:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/05/03 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2011/05/03 15:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2011/05/03 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2011/05/03 15:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2011/05/01 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\Testacular - week 1
[2011/04/26 16:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/26 16:54:56 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/26 16:54:56 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/26 16:54:54 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/26 16:54:53 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/26 16:54:52 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/26 16:54:51 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/26 16:54:51 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/26 16:53:59 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/26 16:53:58 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/26 16:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/26 16:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/26 15:26:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/26 14:55:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/26 14:51:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/26 06:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/26 06:26:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:13:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/26 06:12:27 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2011/04/26 05:48:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/26 05:48:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/26 05:47:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/26 05:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/26 04:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/26 03:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/26 03:36:49 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
[2011/04/26 03:36:15 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unicows.dll
[2011/04/26 03:36:15 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysNative\pthreadGC2.dll
[2011/04/26 03:36:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.DLL
[2011/04/26 03:36:14 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCP71.DLL
[2011/04/26 03:36:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCR71.DLL
[2011/04/26 03:36:14 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\L3CODECX.AX
[2011/04/26 03:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2011/04/15 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Local\AirVideoServer
[2011/04/15 00:20:59 | 000,000,000 | ---D | C] -- C:\jexepackres
[2011/04/15 00:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server
[2011/04/15 00:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirVideoServer
[2011/04/08 22:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/04/08 22:51:49 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\GetRightToGo
[2011/04/06 16:26:58 | 000,237,856 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/04/04 18:40:04 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2011/04/04 15:53:20 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kBilling
[2011/04/04 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kBilling
[2011/04/04 15:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
[2011/03/27 02:04:39 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\John Betjeman
[2011/03/16 23:18:08 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\LSE
[2011/03/12 20:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/12 20:00:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/03/12 20:00:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/03/12 20:00:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/03/12 19:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/12 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/11 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DBY\Desktop\TDSSKiller.exe
[2011/02/18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/02/09 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/02/09 13:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Selteco
[2011/02/09 13:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Selteco
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Users\DBY\Desktop\*.tmp files -> C:\Users\DBY\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/09 20:48:24 | 000,000,512 | ---- | M] () -- C:\Users\DBY\Desktop\MBR.dat
[2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
[2011/05/09 20:43:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\DBY\Desktop\aswMBR.exe
[2011/05/09 20:41:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 20:39:56 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DBY\Desktop\mbam-setup.exe
[2011/05/09 20:13:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682687048-1201014716-1814729331-1001UA.job
[2011/05/09 17:22:39 | 000,003,421 | ---- | M] () -- C:\Users\DBY\Desktop\Zero Sea' Fairyland V3.rar
[2011/05/08 23:13:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682687048-1201014716-1814729331-1001Core.job
[2011/05/08 17:45:37 | 122,149,458 | ---- | M] () -- C:\Users\DBY\Desktop\HRM 2nd.pdf
[2011/05/08 17:42:00 | 000,037,824 | ---- | M] () -- C:\Users\DBY\Desktop\[MONOVA.ORG] Human_Resource_Management_2nd_Edition_Steen_Noe_Hollenbeck_Barr.torrent
[2011/05/08 03:28:23 | 000,014,712 | ---- | M] () -- C:\Users\DBY\Desktop\J.G.++Ballard+-+The+Drowned+World+%28Unabridged%29.torrent
[2011/05/08 00:49:41 | 005,689,024 | ---- | M] () -- C:\Users\DBY\Desktop\fwdchekhovinhellphotos.zip
[2011/05/08 00:48:20 | 002,319,001 | ---- | M] () -- C:\Users\DBY\Desktop\fwdproductionimages.zip
[2011/05/07 20:59:22 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Mini-FMRTE.lnk
[2011/05/07 04:27:53 | 010,542,592 | ---- | M] () -- C:\Users\DBY\Desktop\FMRTE - v4.3.0.msi
[2011/05/07 03:43:45 | 198,549,504 | ---- | M] () -- C:\Users\DBY\Desktop\fm2011v11.3.0_pc_patch.exe
[2011/05/06 02:52:22 | 000,013,366 | ---- | M] () -- C:\Users\DBY\Desktop\41FC6169BBEF1EC0E32A52429E7B8E74CA9CD28C.torrent
[2011/05/06 02:51:17 | 000,026,470 | ---- | M] () -- C:\Users\DBY\Desktop\Peter_Ackroyd_-_The_Mystery_Of_Charles_Dickens_(Simon_Callow).4599233.TPB.torrent
[2011/05/05 13:20:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 10:11:02 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/05 10:11:02 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/05 10:11:02 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/05 10:11:02 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/05 10:11:02 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/04 19:57:40 | 000,000,168 | ---- | M] () -- C:\Users\DBY\defogger_reenable
[2011/05/04 19:56:26 | 000,302,080 | ---- | M] () -- C:\Users\DBY\Desktop\gmer.exe
[2011/05/04 19:54:10 | 000,293,775 | ---- | M] () -- C:\Users\DBY\Desktop\gmer.zip
[2011/05/04 19:52:13 | 000,625,664 | ---- | M] () -- C:\Users\DBY\Desktop\dds (1).scr
[2011/05/04 19:25:12 | 000,818,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/04 19:25:12 | 000,694,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/04 19:25:12 | 000,132,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/04 19:20:52 | 005,459,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/04 19:19:46 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 05:23:48 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/04 05:23:46 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/05/01 22:25:34 | 000,178,962 | ---- | M] () -- C:\Users\DBY\Desktop\Testacular.zip
[2011/04/27 01:22:06 | 000,000,000 | ---- | M] () -- C:\Users\DBY\Desktop\HitmanPro35_x64.exe
[2011/04/26 16:54:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/26 16:28:37 | 000,024,448 | ---- | M] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/04/26 14:10:30 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 14:10:30 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 06:37:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/26 06:26:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:11:58 | 000,000,143 | ---- | M] () -- C:\fix.bat
[2011/04/26 05:44:05 | 000,017,267 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\821A.E71
[2011/04/26 05:42:46 | 004,330,054 | R--- | M] () -- C:\ComboFix.exe
[2011/04/26 05:20:30 | 000,000,000 | ---- | M] () -- C:\HitmanPro35_x64.exe
[2011/04/26 05:02:30 | 004,931,577 | ---- | M] () -- C:\Windows\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2011/04/26 04:53:45 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DBY\Desktop\TDSSKiller.exe
[2011/04/26 03:57:45 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/26 03:46:27 | 015,865,660 | ---- | M] () -- C:\Users\DBY\Desktop\The-Anxiety-of-Influence-A-Theory-of-Poetry-Harold-Bloom.pdf
[2011/04/25 21:06:43 | 002,349,846 | ---- | M] () -- C:\Users\DBY\Desktop\mythologies.rar
[2011/04/20 01:24:19 | 000,000,679 | ---- | M] () -- C:\Users\DBY\Desktop\Dropbox.lnk
[2011/04/19 00:05:36 | 000,086,601 | ---- | M] () -- C:\Users\DBY\Desktop\Camus - Create Dangerously.pdf
[2011/04/19 00:03:15 | 000,723,657 | ---- | M] () -- C:\Users\DBY\Desktop\Butler, Judith - Performativitys Social Magic.pdf
[2011/04/19 00:02:47 | 005,561,123 | ---- | M] () -- C:\Users\DBY\Desktop\Butler, Judith - Excitable Speech.pdf
[2011/04/18 23:57:35 | 000,556,694 | ---- | M] () -- C:\Users\DBY\Desktop\Brook, Peter - The Empty Space.pdf
[2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 18:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 18:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 18:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 18:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 18:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 18:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 18:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/08 22:54:53 | 000,266,336 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/08 22:54:14 | 000,002,515 | ---- | M] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/08 16:31:30 | 001,634,720 | ---- | M] () -- C:\Users\DBY\Desktop\Prisms - Theodor Adorno.zip
[2011/04/06 16:26:58 | 000,237,856 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/04/04 18:41:00 | 001,283,584 | ---- | M] () -- C:\Users\DBY\Desktop\OKIB2200B2400x64GB_tcm3-33107.exe
[2011/03/15 03:19:11 | 000,000,208 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\default.rss
[2011/03/15 02:34:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/02/18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[6 C:\Users\DBY\Desktop\*.tmp files -> C:\Users\DBY\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 20:48:24 | 000,000,512 | ---- | C] () -- C:\Users\DBY\Desktop\MBR.dat
[2011/05/09 20:41:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 17:22:39 | 000,003,421 | ---- | C] () -- C:\Users\DBY\Desktop\Zero Sea' Fairyland V3.rar
[2011/05/08 17:42:18 | 122,149,458 | ---- | C] () -- C:\Users\DBY\Desktop\HRM 2nd.pdf
[2011/05/08 17:42:00 | 000,037,824 | ---- | C] () -- C:\Users\DBY\Desktop\[MONOVA.ORG] Human_Resource_Management_2nd_Edition_Steen_Noe_Hollenbeck_Barr.torrent
[2011/05/08 03:28:23 | 000,014,712 | ---- | C] () -- C:\Users\DBY\Desktop\J.G.++Ballard+-+The+Drowned+World+%28Unabridged%29.torrent
[2011/05/08 00:49:33 | 005,689,024 | ---- | C] () -- C:\Users\DBY\Desktop\fwdchekhovinhellphotos.zip
[2011/05/08 00:48:16 | 002,319,001 | ---- | C] () -- C:\Users\DBY\Desktop\fwdproductionimages.zip
[2011/05/07 20:59:22 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Mini-FMRTE.lnk
[2011/05/07 04:27:37 | 010,542,592 | ---- | C] () -- C:\Users\DBY\Desktop\FMRTE - v4.3.0.msi
[2011/05/07 03:39:22 | 198,549,504 | ---- | C] () -- C:\Users\DBY\Desktop\fm2011v11.3.0_pc_patch.exe
[2011/05/06 02:52:21 | 000,013,366 | ---- | C] () -- C:\Users\DBY\Desktop\41FC6169BBEF1EC0E32A52429E7B8E74CA9CD28C.torrent
[2011/05/06 02:51:17 | 000,026,470 | ---- | C] () -- C:\Users\DBY\Desktop\Peter_Ackroyd_-_The_Mystery_Of_Charles_Dickens_(Simon_Callow).4599233.TPB.torrent
[2011/05/04 19:54:10 | 000,293,775 | ---- | C] () -- C:\Users\DBY\Desktop\gmer.zip
[2011/05/04 19:52:05 | 000,625,664 | ---- | C] () -- C:\Users\DBY\Desktop\dds (1).scr
[2011/05/04 13:54:12 | 000,302,080 | ---- | C] () -- C:\Users\DBY\Desktop\gmer.exe
[2011/05/04 05:23:46 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/05/04 05:18:07 | 2720,006,144 | ---- | C] () -- C:\Users\DBY\Desktop\rld-fb11.iso
[2011/05/01 22:25:34 | 000,178,962 | ---- | C] () -- C:\Users\DBY\Desktop\Testacular.zip
[2011/04/27 01:22:06 | 000,000,000 | ---- | C] () -- C:\Users\DBY\Desktop\HitmanPro35_x64.exe
[2011/04/26 16:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/04/26 16:07:34 | 000,000,168 | ---- | C] () -- C:\Users\DBY\defogger_reenable
[2011/04/26 06:17:06 | 000,095,744 | ---- | C] () -- C:\rku37300509.exe
[2011/04/26 06:11:58 | 000,000,143 | ---- | C] () -- C:\fix.bat
[2011/04/26 05:53:50 | 000,024,448 | ---- | C] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/04/26 05:48:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/26 05:48:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/26 05:48:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/26 05:48:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/26 05:48:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/26 05:42:29 | 004,330,054 | R--- | C] () -- C:\ComboFix.exe
[2011/04/26 05:30:18 | 000,000,000 | ---- | C] () -- C:\HitmanPro35_x64.exe
[2011/04/26 03:57:45 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/26 03:46:06 | 015,865,660 | ---- | C] () -- C:\Users\DBY\Desktop\The-Anxiety-of-Influence-A-Theory-of-Poetry-Harold-Bloom.pdf
[2011/04/26 03:36:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011/04/26 03:36:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysNative\ff_acm.acm
[2011/04/26 03:33:45 | 000,017,267 | ---- | C] () -- C:\Users\DBY\AppData\Roaming\821A.E71
[2011/04/25 21:06:39 | 002,349,846 | ---- | C] () -- C:\Users\DBY\Desktop\mythologies.rar
[2011/04/20 01:24:19 | 000,000,679 | ---- | C] () -- C:\Users\DBY\Desktop\Dropbox.lnk
[2011/04/19 00:05:35 | 000,086,601 | ---- | C] () -- C:\Users\DBY\Desktop\Camus - Create Dangerously.pdf
[2011/04/19 00:03:14 | 000,723,657 | ---- | C] () -- C:\Users\DBY\Desktop\Butler, Judith - Performativitys Social Magic.pdf
[2011/04/19 00:02:40 | 005,561,123 | ---- | C] () -- C:\Users\DBY\Desktop\Butler, Judith - Excitable Speech.pdf
[2011/04/18 23:57:51 | 000,949,725 | ---- | C] () -- C:\Users\DBY\Desktop\Boal, Augusto - Theatre of the Oppressed.pdf
[2011/04/18 23:57:34 | 000,556,694 | ---- | C] () -- C:\Users\DBY\Desktop\Brook, Peter - The Empty Space.pdf
[2011/04/08 22:54:14 | 000,002,515 | ---- | C] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/08 22:54:14 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/04/08 16:31:29 | 001,634,720 | ---- | C] () -- C:\Users\DBY\Desktop\Prisms - Theodor Adorno.zip
[2011/04/04 18:40:58 | 001,283,584 | ---- | C] () -- C:\Users\DBY\Desktop\OKIB2200B2400x64GB_tcm3-33107.exe
[2011/01/13 16:31:06 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/01/13 16:31:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/10/04 08:30:22 | 000,000,128 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010/09/24 18:48:03 | 000,266,336 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/13 00:35:34 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2010/08/21 15:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/02 20:52:23 | 000,803,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/29 15:52:38 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/06/23 03:22:14 | 000,000,208 | ---- | C] () -- C:\Users\DBY\AppData\Roaming\default.rss
[2010/06/23 02:56:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/23 01:47:10 | 000,000,329 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010/06/23 01:33:52 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/06/20 00:11:38 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/19 17:55:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/06/19 17:55:24 | 000,021,930 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/29 01:00:36 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/07/27 11:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 21:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/05 21:56:12 | 000,006,516 | ---- | C] () -- C:\Windows\xbox360cemu.ini
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput9_1_0.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_3.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_2.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_1.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== LOP Check ==========

[2010/10/28 02:45:24 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Acapela Group
[2010/07/27 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\acccore
[2011/02/08 03:13:25 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Aleo Software
[2010/07/22 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\DAEMON Tools Lite
[2011/05/09 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Dropbox
[2011/05/09 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\foobar2000
[2010/12/21 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\FreeAudioPack
[2011/04/26 03:36:09 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\GetRightToGo
[2011/04/26 03:36:49 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
[2010/10/04 07:00:39 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Leadertech
[2010/08/15 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\nHancer
[2010/11/10 20:28:24 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Notepad++
[2010/06/22 04:34:06 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\PACE Anti-Piracy
[2011/05/04 05:45:42 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Sports Interactive
[2011/05/09 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Spotify
[2010/06/20 00:14:26 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/19 19:23:22 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\StreamTorrent
[2010/10/02 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TeamViewer
[2010/08/15 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\The Creative Assembly
[2010/07/20 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/09/13 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TypingMaster7
[2011/05/09 20:42:17 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\uTorrent
[2010/10/28 02:45:25 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Xtranormal
[2010/08/28 11:47:03 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/27 06:26:32 | 000,000,000 | ---- | M] () -- C:\2010-08-27 at 06
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/29 09:18:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/26 05:42:46 | 004,330,054 | R--- | M] () -- C:\ComboFix.exe
[2011/04/26 14:56:53 | 000,023,048 | ---- | M] () -- C:\ComboFix.txt
[2011/04/26 06:11:58 | 000,000,143 | ---- | M] () -- C:\fix.bat
[2011/05/04 19:19:46 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 06:26:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:27:27 | 000,012,470 | ---- | M] () -- C:\hijackthis.log
[2011/04/26 05:20:30 | 000,000,000 | ---- | M] () -- C:\HitmanPro35_x64.exe
[2010/07/27 19:56:27 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
[2011/05/04 19:19:50 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
[2010/08/15 20:23:49 | 000,004,209 | ---- | M] () -- C:\pcwdbg.log
[2007/10/04 10:44:02 | 000,095,744 | ---- | M] () -- C:\rku37300509.exe
[2011/04/26 04:55:42 | 000,068,454 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_04.54.34_log.txt
[2011/04/26 05:10:00 | 000,069,064 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.08.38_log.txt
[2011/04/26 05:12:46 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.11.54_log.txt
[2011/04/26 05:36:10 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.35.44_log.txt
[2011/04/26 14:25:47 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_14.13.41_log.txt

< %USERPROFILE%\*.* >
[2011/05/04 19:57:40 | 000,000,168 | ---- | M] () -- C:\Users\DBY\defogger_reenable
[2011/05/09 20:50:50 | 003,145,728 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT
[2011/05/09 20:50:50 | 000,262,144 | -HS- | M] () -- C:\Users\DBY\ntuser.dat.LOG1
[2010/03/29 00:30:47 | 000,000,000 | -HS- | M] () -- C:\Users\DBY\ntuser.dat.LOG2
[2010/03/29 01:39:49 | 000,065,536 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/29 01:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 01:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 18:37:32 | 000,065,536 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TM.blf
[2010/09/15 18:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 18:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 00:30:47 | 000,000,020 | -HS- | M] () -- C:\Users\DBY\ntuser.ini

< %USERPROFILE%\Application Data\*.* >

< %USERPROFILE%\Local Settings\Application Data\*.* >

< %AllUsersProfile%\*.* >
[2010/10/04 08:47:58 | 000,000,128 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2010/06/02 01:06:02 | 012,824,576 | ---- | M] () -- C:\ProgramData\sandra.mda
[2010/09/13 00:35:34 | 000,000,258 | -H-- | M] () -- C:\ProgramData\tmaster8.net
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

< %AllUsersProfile%\Application Data\*.* >

< %USERPROFILE%\AppData\*.* >

< %USERPROFILE%\My Documents\*.* >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/04/26 16:28:37 | 000,024,448 | ---- | M] () -- C:\Windows\SysWOW64\drivers\rkhdrv40.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 2583344 bytes -> C:\2010-08-27 at 06:26 AM 4.anf
@Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\System:RlplChvVWoTKpUEwCUCIIGTIu5u
@Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:elcCoXc4WAa5KXECvBnLUsHhQX
@Alternate Data Stream - 1154 bytes -> C:\Users\DBY\AppData\Local:c32WDoCJfYDEwsFQHC4ln4
@Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:3bEWFxq4JBxd6MBhIgcU
@Alternate Data Stream - 1116 bytes -> C:\Users\DBY\AppData\Local\dIogSFu8v:3PyI20VIG3ljvexhNWSwLVQwUaMF
@Alternate Data Stream - 1044724 bytes -> C:\2010-08-27 at 06:26 AM 2.anf
@Alternate Data Stream - 1017 bytes -> C:\ProgramData\Microsoft:6iZGIYlqhrEyAGwvWnJl

< End of report >


-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 09/05/2011 20:49:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DBY\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.38 Gb Total Space | 19.28 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.08 Gb Total Space | 12.64 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive F: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 1008.67 Mb Total Space | 604.86 Mb Free Space | 59.97% Space Free | Partition Type: FAT
Drive H: | 931.28 Gb Total Space | 165.01 Gb Free Space | 17.72% Space Free | Partition Type: FAT32
Drive R: | 232.88 Gb Total Space | 121.06 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: DBY-PC | User Name: DBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.DBY] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9B8BE97-CE22-465F-AEFE-66AFC05F4FAB}" = nHancer
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7c7bbb68-6f86-4931-a713-1d9a713007c7}" = Nero 9 Trial
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D28CB048-A0AB-4F98-909F-69F3F25AA87D}" = Xtranormal State - Showpak-Playgoz-Preview
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Afterburner" = MSI Afterburner 1.6.1
"Air Video Server" = Air Video Server 2.4.3
"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.0
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"avast" = avast! Free Antivirus
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bannershop GIF Animator" = Selteco Bannershop GIF Animator
"Belarc Advisor" = Belarc Advisor 8.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Lite" = DAEMON Tools Lite
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.7.0.24
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedDemon_is1" = FeedDemon
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"foobar2000" = foobar2000 v1.0.3
"Football Manager 2011" = Football Manager 2011
"Fraps" = Fraps
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"kBilling" = kBilling
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Little Registry Cleaner" = Little Registry Cleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"nHancer" = nHancer
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"Precision" = EVGA Precision 1.9.6
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Screenshot Pilot (full)_is1" = Screenshot Pilot version 1.46.01
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.9
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Steam App 20540" = Company of Heroes: Tales of Valor
"StreamTorrent 1.0" = StreamTorrent 1.0
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"Vector Magic" = Vector Magic
"Veetle TV" = Veetle TV 0.9.18
"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
"VLC media player" = VLC media player 1.0.5
"XtremeTuner" = XtremeTuner

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 09 May 2011 - 03:56 PM

Hi EXEUNT,



No problems about the delay. I wanted to make sure you are still with me. :)



We need to run an OTL Fix



  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56525
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 56525
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
    [2011/04/26 05:44:05 | 000,017,267 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\821A.E71
    @Alternate Data Stream - 2583344 bytes -> C:\2010-08-27 at 06:26 AM 4.anf
    @Alternate Data Stream - 1223 bytes -> C:\Program Files\Common Files\System:RlplChvVWoTKpUEwCUCIIGTIu5u
    @Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:elcCoXc4WAa5KXECvBnLUsHhQX
    @Alternate Data Stream - 1154 bytes -> C:\Users\DBY\AppData\Local:c32WDoCJfYDEwsFQHC4ln4
    @Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:3bEWFxq4JBxd6MBhIgcU
    @Alternate Data Stream - 1116 bytes -> C:\Users\DBY\AppData\Local\dIogSFu8v:3PyI20VIG3ljvexhNWSwLVQwUaMF
    @Alternate Data Stream - 1044724 bytes -> C:\2010-08-27 at 06:26 AM 2.anf
    @Alternate Data Stream - 1017 bytes -> C:\ProgramData\Microsoft:6iZGIYlqhrEyAGwvWnJl
    :commands
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



I'd like us to scan your machine with ESET OnlineScan



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Regards,
Georgi

cXfZ4wS.png


#8 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 09 May 2011 - 05:51 PM

Hi Georgi,

Thanks for the quick reply. A bit of a problem with these two.

OTL seemed to run fine, but after reboot it didn't start - consequently no log file. Nothing on the desktop, and I tried twice just in case.

ESET just goes straight to its final stage, reporting it's scanned zero files with a total scan time of 00:00:00 (screengrab attached). I've tried with both native IE and Chrome. It does report that Windows Defender might be comprising the scan, but I've stopped the WinDefend service and confirmed it's stopped with Task Manager, so I don't know why it continues to tell me that.

Any ideas?

John.

Attached Files


Edited by EXEUNT, 09 May 2011 - 05:52 PM.


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 10 May 2011 - 12:59 AM

Hi EXEUNT,


Please navigate to the C:\_OTL\MovedFiles folder, and open each of the logs present.

Copy/paste the content of the logs back here in your next post.



Let's try a different scanner.



Click here to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


Note: This tool will self uninstall when you close it so please save the log before closing it.



Regards,
Georgi

cXfZ4wS.png


#10 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 11 May 2011 - 01:06 PM

Hi Georgi, here are the requested logs; two OTL and one Kaspersky.


========== OTL ==========
HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56525 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ deleted successfully.
C:\Users\DBY\AppData\Roaming\821A.E71 moved successfully.
ADS C:\2010-08-27 at 06:26 AM 4.anf deleted successfully.
ADS C:\Program Files\Common Files\System:RlplChvVWoTKpUEwCUCIIGTIu5u deleted successfully.
ADS C:\Program Files\Common Files\System:elcCoXc4WAa5KXECvBnLUsHhQX deleted successfully.
ADS C:\Users\DBY\AppData\Local:c32WDoCJfYDEwsFQHC4ln4 deleted successfully.
ADS C:\ProgramData\Microsoft:3bEWFxq4JBxd6MBhIgcU deleted successfully.
ADS C:\Users\DBY\AppData\Local\dIogSFu8v:3PyI20VIG3ljvexhNWSwLVQwUaMF deleted successfully.
ADS C:\2010-08-27 at 06:26 AM 2.anf deleted successfully.
ADS C:\ProgramData\Microsoft:6iZGIYlqhrEyAGwvWnJl deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_225848

-------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------


========== OTL ==========
HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56525 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ not found.
File C:\Users\DBY\AppData\Roaming\821A.E71 not found.
Unable to delete ADS C:\2010-08-27 at 06:26 AM 4.anf .
Unable to delete ADS C:\Program Files\Common Files\System:RlplChvVWoTKpUEwCUCIIGTIu5u .
Unable to delete ADS C:\Program Files\Common Files\System:elcCoXc4WAa5KXECvBnLUsHhQX .
Unable to delete ADS C:\Users\DBY\AppData\Local:c32WDoCJfYDEwsFQHC4ln4 .
Unable to delete ADS C:\ProgramData\Microsoft:3bEWFxq4JBxd6MBhIgcU .
Unable to delete ADS C:\Users\DBY\AppData\Local\dIogSFu8v:3PyI20VIG3ljvexhNWSwLVQwUaMF .
Unable to delete ADS C:\2010-08-27 at 06:26 AM 2.anf .
Unable to delete ADS C:\ProgramData\Microsoft:6iZGIYlqhrEyAGwvWnJl .
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_230730


-------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------

Autoscan: completed 11 hours ago (events: 4, objects: 1912813, time: 10:14:04)
11/05/2011 05:03:42 Task completed
10/05/2011 23:14:16 Untreated: Packed.Win32.Krap.hc E:\System Volume Information\_restore{B249A3F0-79B1-45C8-A5FB-B5E047E3525F}\RP489\A0130233.dll Cannot be disinfected
10/05/2011 23:14:16 Detected: Packed.Win32.Krap.hc E:\System Volume Information\_restore{B249A3F0-79B1-45C8-A5FB-B5E047E3525F}\RP489\A0130233.dll
10/05/2011 18:49:38 Task started

#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 11 May 2011 - 04:09 PM

Hi EXEUNT,



That file is in your system restore cache. We will empty that later.





P2P software Warning !!



Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent and StreamTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



Also, please take a look here:



How cyber criminals infect victims via P2P with pirated software





Registry Editor / Cleaner Warning !!



The following is referring to CCleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using a such programs please take a look here => Registry Cleaners and System Tweaking Tools


Please do NOT use the "Registry" button in the left pane if you don’t know how to use it, you may cause irreparable damage to your system.





Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 25 .
  • Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 24)
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")




Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.

* Uninstall Adobe Reader 9.3 via Start => Control Panel > Add/Remove Programs
* Install the new downloaded updated software.


Note: Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.
Posted Image



Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 4 x instead.

Foxit Reader 4x offer 5 levels of security. Click Me for more information.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.





Your Mozilla Firefox is out of date!

You can download and install the latest version 4.0.1 from here if you want.
I would recommend you to do a backup of your existing profile using Mozbackup before you proceed with the update (just in case).





:step1:



Please update Malwarebytes and run a quick scan. After that please post back the log in your next reply.



:step2:



I want to be sure that nothing reappeared. Please perform the following scan:



We need to run an OTL Custom Scan



  • Please reopen Posted Image on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.Posted Image
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized



Regards,
Georgi

cXfZ4wS.png


#12 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 11 May 2011 - 10:40 PM

Hey Georgi, thanks for the housekeeping tips - duly noted.

Mbam came up clean which was nice. Only one OTL log produced this time (no sign of Extra.txt), hope it will suffice.

John

-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6558

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/05/2011 00:11:50
mbam-log-2011-05-12 (00-11-50).txt

Scan type: Quick scan
Objects scanned: 167132
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 12/05/2011 01:13:27 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DBY\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.38 Gb Total Space | 19.06 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.08 Gb Total Space | 12.64 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive F: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 1008.67 Mb Total Space | 604.86 Mb Free Space | 59.97% Space Free | Partition Type: FAT
Drive H: | 931.28 Gb Total Space | 165.01 Gb Free Space | 17.72% Space Free | Partition Type: FAT32
Drive R: | 232.88 Gb Total Space | 121.06 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: DBY-PC | User Name: DBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
PRC - [2011/05/04 00:42:12 | 024,172,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/25 13:57:56 | 001,771,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/04/25 13:57:42 | 002,190,152 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/08 03:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/02 17:44:30 | 000,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/25 13:57:56 | 001,771,336 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/08 03:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/01/13 16:32:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/07/29 15:48:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/04 05:23:48 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/18 18:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/06/21 23:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/19 19:14:50 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/03/18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/03/18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2010\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/04/26 16:28:37 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2010/08/16 00:56:20 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007/06/13 06:50:26 | 000,017,808 | ---- | M] (Foxconn ® Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FoxAwdWINFLASH64.sys -- (FoxAwdWINFLASH64)
DRV - [2007/02/07 19:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/12/08 10:46:00 | 000,032,024 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys -- (FXDrv32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 3E F2 5E 05 19 CB 01 [binary data]
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/26 16:54:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/11 18:51:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/11 18:51:54 | 000,000,000 | ---D | M]

[2010/08/21 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Extensions
[2010/08/21 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/12 00:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\extensions
[2011/03/12 18:13:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DBY\AppData\Roaming\Mozilla\Firefox\Profiles\moleeaxl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/12 00:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/11 18:51:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/21 15:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/04 05:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/26 16:54:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/11 18:51:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2011/05/11 18:51:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/11 18:51:53 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/01/23 05:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/01/23 05:18:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/09/23 02:51:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/23 02:51:10 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/23 02:51:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/23 02:51:10 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/23 02:51:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/23 02:51:10 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/23 02:51:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/23 02:51:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/26 06:37:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [Google Update] C:\Users\DBY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682687048-1201014716-1814729331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/26 06:12:27 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/06/16 18:53:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 13:57:50 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010/10/05 15:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/02/20 05:17:38 | 000,000,029 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/14 16:57:52 | 000,000,766 | -H-- | M] () - H:\autorun.ico -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - R:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^DBY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\DBY\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\DBY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

========== Files/Folders - Created Within 90 Days ==========

[2011/05/12 00:39:13 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\LSE now
[2011/05/12 00:06:59 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Foxit Software
[2011/05/12 00:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/05/12 00:02:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/12 00:00:22 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/12 00:00:22 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/12 00:00:22 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/12 00:00:22 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/12 00:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/10 18:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/09 23:22:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DBY\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 23:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/09 22:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/09 20:43:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
[2011/05/09 20:43:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\DBY\Desktop\aswMBR.exe
[2011/05/07 20:59:12 | 000,000,000 | ---D | C] -- C:\FMRTE
[2011/05/04 20:10:36 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\jailbreak
[2011/05/04 20:09:46 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\fm
[2011/05/04 10:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 11
[2011/05/04 10:04:57 | 000,000,000 | ---D | C] -- C:\FM Genie Scout 11
[2011/05/04 05:43:25 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Local\Sports Interactive
[2011/05/04 05:23:48 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/04 05:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/05/04 05:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/05/03 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2011/05/03 15:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2011/05/03 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2011/05/03 15:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2011/05/01 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\Testacular - week 1
[2011/04/26 16:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/26 16:54:56 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/26 16:54:56 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/26 16:54:54 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/26 16:54:53 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/26 16:54:52 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/26 16:54:51 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/26 16:54:51 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/26 16:53:59 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/26 16:53:58 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/26 16:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/26 16:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/26 15:26:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/26 14:55:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/26 14:51:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/26 06:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/26 06:26:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:13:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/26 06:12:27 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2011/04/26 05:48:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/26 05:48:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/26 05:47:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/26 05:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/04/26 05:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/26 04:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/26 03:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/26 03:36:49 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
[2011/04/26 03:36:15 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unicows.dll
[2011/04/26 03:36:15 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysNative\pthreadGC2.dll
[2011/04/26 03:36:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.DLL
[2011/04/26 03:36:14 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCP71.DLL
[2011/04/26 03:36:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCR71.DLL
[2011/04/26 03:36:14 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\L3CODECX.AX
[2011/04/26 03:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2011/04/15 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Local\AirVideoServer
[2011/04/15 00:20:59 | 000,000,000 | ---D | C] -- C:\jexepackres
[2011/04/15 00:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server
[2011/04/15 00:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirVideoServer
[2011/04/08 22:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/04/08 22:51:49 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\GetRightToGo
[2011/04/06 16:26:58 | 000,237,856 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/04/04 18:40:04 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2011/04/04 15:53:20 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kBilling
[2011/04/04 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kBilling
[2011/04/04 15:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kBilling
[2011/03/27 02:04:39 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\John Betjeman
[2011/03/16 23:18:08 | 000,000,000 | ---D | C] -- C:\Users\DBY\Desktop\LSE
[2011/03/12 19:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/12 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/11 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck
[2011/02/18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/12 01:13:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682687048-1201014716-1814729331-1001UA.job
[2011/05/12 00:06:55 | 000,001,254 | ---- | M] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/12 00:06:55 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/05/12 00:00:10 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/12 00:00:10 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/12 00:00:10 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/12 00:00:10 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/11 23:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 23:49:21 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 23:48:14 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/11 23:48:14 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/11 23:48:14 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/11 23:48:14 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/11 23:48:14 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2011/05/11 23:21:48 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-682687048-1201014716-1814729331-1001Core.job
[2011/05/09 23:22:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DBY\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 23:06:30 | 000,001,009 | ---- | M] () -- C:\Users\DBY\Desktop\Dropbox.lnk
[2011/05/09 23:06:30 | 000,000,989 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/09 20:43:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DBY\Desktop\OTL.exe
[2011/05/09 20:43:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\DBY\Desktop\aswMBR.exe
[2011/05/09 20:41:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 19:57:40 | 000,000,168 | ---- | M] () -- C:\Users\DBY\defogger_reenable
[2011/05/04 19:25:12 | 000,818,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/04 19:25:12 | 000,694,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/04 19:25:12 | 000,132,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/04 19:20:52 | 005,459,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/04 05:23:48 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/01 22:25:34 | 000,178,962 | ---- | M] () -- C:\Users\DBY\Desktop\Testacular.zip
[2011/04/26 16:54:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/26 16:28:37 | 000,024,448 | ---- | M] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/04/26 14:10:30 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 14:10:30 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 06:37:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/26 06:26:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:11:58 | 000,000,143 | ---- | M] () -- C:\fix.bat
[2011/04/26 05:42:46 | 004,330,054 | R--- | M] () -- C:\ComboFix.exe
[2011/04/26 05:20:30 | 000,000,000 | ---- | M] () -- C:\HitmanPro35_x64.exe
[2011/04/26 05:02:30 | 004,931,577 | ---- | M] () -- C:\Windows\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2011/04/26 03:46:27 | 015,865,660 | ---- | M] () -- C:\Users\DBY\Desktop\The-Anxiety-of-Influence-A-Theory-of-Poetry-Harold-Bloom.pdf
[2011/04/25 21:06:43 | 002,349,846 | ---- | M] () -- C:\Users\DBY\Desktop\mythologies.rar
[2011/04/19 00:05:36 | 000,086,601 | ---- | M] () -- C:\Users\DBY\Desktop\Camus - Create Dangerously.pdf
[2011/04/19 00:03:15 | 000,723,657 | ---- | M] () -- C:\Users\DBY\Desktop\Butler, Judith - Performativitys Social Magic.pdf
[2011/04/19 00:02:47 | 005,561,123 | ---- | M] () -- C:\Users\DBY\Desktop\Butler, Judith - Excitable Speech.pdf
[2011/04/18 23:57:35 | 000,556,694 | ---- | M] () -- C:\Users\DBY\Desktop\Brook, Peter - The Empty Space.pdf
[2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 18:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 18:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 18:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 18:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 18:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 18:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 18:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/08 22:54:53 | 000,266,336 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/08 22:54:14 | 000,002,515 | ---- | M] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/08 16:31:30 | 001,634,720 | ---- | M] () -- C:\Users\DBY\Desktop\Prisms - Theodor Adorno.zip
[2011/04/06 16:26:58 | 000,237,856 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/04/04 18:41:00 | 001,283,584 | ---- | M] () -- C:\Users\DBY\Desktop\OKIB2200B2400x64GB_tcm3-33107.exe
[2011/03/15 03:19:11 | 000,000,208 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\default.rss
[2011/03/15 02:34:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/02/18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 00:06:55 | 000,001,254 | ---- | C] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/12 00:06:55 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/05/09 20:41:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 05:18:07 | 2720,006,144 | ---- | C] () -- C:\Users\DBY\Desktop\rld-fb11.iso
[2011/05/01 22:25:34 | 000,178,962 | ---- | C] () -- C:\Users\DBY\Desktop\Testacular.zip
[2011/04/26 16:54:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/04/26 16:07:34 | 000,000,168 | ---- | C] () -- C:\Users\DBY\defogger_reenable
[2011/04/26 06:17:06 | 000,095,744 | ---- | C] () -- C:\rku37300509.exe
[2011/04/26 06:11:58 | 000,000,143 | ---- | C] () -- C:\fix.bat
[2011/04/26 05:53:50 | 000,024,448 | ---- | C] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2011/04/26 05:48:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/26 05:48:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/26 05:48:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/26 05:48:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/26 05:48:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/26 05:42:29 | 004,330,054 | R--- | C] () -- C:\ComboFix.exe
[2011/04/26 05:30:18 | 000,000,000 | ---- | C] () -- C:\HitmanPro35_x64.exe
[2011/04/26 03:46:06 | 015,865,660 | ---- | C] () -- C:\Users\DBY\Desktop\The-Anxiety-of-Influence-A-Theory-of-Poetry-Harold-Bloom.pdf
[2011/04/26 03:36:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011/04/26 03:36:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysNative\ff_acm.acm
[2011/04/25 21:06:39 | 002,349,846 | ---- | C] () -- C:\Users\DBY\Desktop\mythologies.rar
[2011/04/20 01:24:19 | 000,001,009 | ---- | C] () -- C:\Users\DBY\Desktop\Dropbox.lnk
[2011/04/19 00:05:35 | 000,086,601 | ---- | C] () -- C:\Users\DBY\Desktop\Camus - Create Dangerously.pdf
[2011/04/19 00:03:14 | 000,723,657 | ---- | C] () -- C:\Users\DBY\Desktop\Butler, Judith - Performativitys Social Magic.pdf
[2011/04/19 00:02:40 | 005,561,123 | ---- | C] () -- C:\Users\DBY\Desktop\Butler, Judith - Excitable Speech.pdf
[2011/04/18 23:57:51 | 000,949,725 | ---- | C] () -- C:\Users\DBY\Desktop\Boal, Augusto - Theatre of the Oppressed.pdf
[2011/04/18 23:57:34 | 000,556,694 | ---- | C] () -- C:\Users\DBY\Desktop\Brook, Peter - The Empty Space.pdf
[2011/04/08 22:54:14 | 000,002,515 | ---- | C] () -- C:\Users\DBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/08 22:54:14 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/04/08 16:31:29 | 001,634,720 | ---- | C] () -- C:\Users\DBY\Desktop\Prisms - Theodor Adorno.zip
[2011/04/04 18:40:58 | 001,283,584 | ---- | C] () -- C:\Users\DBY\Desktop\OKIB2200B2400x64GB_tcm3-33107.exe
[2011/01/13 16:31:06 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/01/13 16:31:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/10/04 08:30:22 | 000,000,128 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010/09/24 18:48:03 | 000,266,336 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/13 00:35:34 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2010/08/21 15:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/02 20:52:23 | 000,803,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/29 15:52:38 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/06/23 03:22:14 | 000,000,208 | ---- | C] () -- C:\Users\DBY\AppData\Roaming\default.rss
[2010/06/23 02:56:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/23 01:47:10 | 000,000,329 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010/06/23 01:33:52 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/06/20 00:11:38 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/19 17:55:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/06/19 17:55:24 | 000,021,930 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/29 01:00:36 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/07/27 11:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 21:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/05 21:56:12 | 000,006,516 | ---- | C] () -- C:\Windows\xbox360cemu.ini
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput9_1_0.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_3.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_2.dll
[2008/09/01 01:18:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\xinput1_1.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== LOP Check ==========

[2010/10/28 02:45:24 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Acapela Group
[2010/07/27 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\acccore
[2011/02/08 03:13:25 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Aleo Software
[2010/07/22 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\DAEMON Tools Lite
[2011/05/11 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Dropbox
[2011/05/09 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\foobar2000
[2011/05/12 00:06:59 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Foxit Software
[2010/12/21 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\FreeAudioPack
[2011/04/26 03:36:09 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\GetRightToGo
[2011/04/26 03:36:49 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\iPhone Tool Kits
[2010/10/04 07:00:39 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Leadertech
[2010/08/15 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\nHancer
[2010/11/10 20:28:24 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Notepad++
[2010/06/22 04:34:06 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\PACE Anti-Piracy
[2011/05/04 05:45:42 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Sports Interactive
[2011/05/11 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Spotify
[2010/06/20 00:14:26 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/19 19:23:22 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\StreamTorrent
[2010/10/02 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TeamViewer
[2010/08/15 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\The Creative Assembly
[2010/07/20 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/09/13 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\TypingMaster7
[2011/05/09 20:42:17 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\uTorrent
[2010/10/28 02:45:25 | 000,000,000 | ---D | M] -- C:\Users\DBY\AppData\Roaming\Xtranormal
[2010/08/28 11:47:03 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/27 06:26:32 | 000,000,000 | ---- | M] () -- C:\2010-08-27 at 06
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/29 09:18:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/26 05:42:46 | 004,330,054 | R--- | M] () -- C:\ComboFix.exe
[2011/04/26 14:56:53 | 000,023,048 | ---- | M] () -- C:\ComboFix.txt
[2011/04/26 06:11:58 | 000,000,143 | ---- | M] () -- C:\fix.bat
[2011/05/11 23:49:21 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 06:26:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/04/26 06:27:27 | 000,012,470 | ---- | M] () -- C:\hijackthis.log
[2011/04/26 05:20:30 | 000,000,000 | ---- | M] () -- C:\HitmanPro35_x64.exe
[2010/07/27 19:56:27 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
[2011/05/11 23:49:24 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
[2010/08/15 20:23:49 | 000,004,209 | ---- | M] () -- C:\pcwdbg.log
[2007/10/04 10:44:02 | 000,095,744 | ---- | M] () -- C:\rku37300509.exe
[2011/04/26 04:55:42 | 000,068,454 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_04.54.34_log.txt
[2011/04/26 05:10:00 | 000,069,064 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.08.38_log.txt
[2011/04/26 05:12:46 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.11.54_log.txt
[2011/04/26 05:36:10 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_05.35.44_log.txt
[2011/04/26 14:25:47 | 000,067,554 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_14.13.41_log.txt

< %USERPROFILE%\*.* >
[2011/05/04 19:57:40 | 000,000,168 | ---- | M] () -- C:\Users\DBY\defogger_reenable
[2011/05/12 01:14:26 | 003,145,728 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT
[2011/05/12 01:14:26 | 000,262,144 | -HS- | M] () -- C:\Users\DBY\ntuser.dat.LOG1
[2010/03/29 00:30:47 | 000,000,000 | -HS- | M] () -- C:\Users\DBY\ntuser.dat.LOG2
[2010/03/29 01:39:49 | 000,065,536 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/03/29 01:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 01:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 18:37:32 | 000,065,536 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TM.blf
[2010/09/15 18:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 18:37:32 | 000,524,288 | -HS- | M] () -- C:\Users\DBY\NTUSER.DAT{11a22567-c0ef-11df-a707-485b39c9e8ab}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 00:30:47 | 000,000,020 | -HS- | M] () -- C:\Users\DBY\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >
[2011/05/04 12:32:34 | 000,179,664 | ---- | M] () -- C:\Users\DBY\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/05/11 23:47:23 | 001,687,932 | -H-- | M] () -- C:\Users\DBY\AppData\Local\IconCache.db

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/03/15 03:19:11 | 000,000,208 | ---- | M] () -- C:\Users\DBY\AppData\Roaming\default.rss

< %ProgramData%\*.* >
[2010/10/04 08:47:58 | 000,000,128 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2010/06/02 01:06:02 | 012,824,576 | ---- | M] () -- C:\ProgramData\sandra.mda
[2010/09/13 00:35:34 | 000,000,258 | -H-- | M] () -- C:\ProgramData\tmaster8.net
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/04/26 16:28:37 | 000,024,448 | ---- | M] () -- C:\Windows\SysWOW64\drivers\rkhdrv40.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/14 02:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< End of report >

#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 12 May 2011 - 06:02 AM

Hi EXEUNT,



Nicely done ! :)
How are the things now ? Are there any problems left ?



I have some final words for you.



All Clean :thumbsup:



Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean :)



STEP 1 CLEANUP



1. Uninstall Combofix



  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
  • ComboFix /Uninstall



2. To remove all of the tools we used and the files and folders they created, please do the following:



Please reopen Posted Image on your desktop.

In the upper right click CleanUp

Posted Image

This will delete OTL and will clean up after it.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


You can uninstall now - ESET Online Scanner v3.





STEP 2 SECURITY ADVICES





Change all your passwords !



Since your computer was infected with an rootkit for peace of mind, I would however advise you that all your passwords be changed immediately !! (just in case).





Keep your antivirus software turned on and up-to-date


  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.




Practice Safe Internet



One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:


  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:

    Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.




Don't use pirated software !!!



Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!





Create an image of your system



It is always a good idea to do a backup of all important files just in case something happens it.

Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first. :thumbup2:



Follow this list and your potential for being infected again will reduce dramatically.





STEP 3 IMPROVE YOUR PC PERFORMANCE



Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.



Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.





You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster



Please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.





Use MSConfig to disable any processes that you do not want running in the background of the computer.



Please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.



Safe Surfing ! :thumbup2:



Regards,
Georgi

cXfZ4wS.png


#14 EXEUNT

EXEUNT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 May 2011 - 09:39 AM

Fantastic, no symptoms remaining as far as I can tell. Thank you so much for your time on this, extraordinary really. The spirit of whitehat lives on.

Thanks again Georgi

John.

#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:03 AM

Posted 12 May 2011 - 10:44 AM

Hi John,



You are more than welcome ! :)
Take care.



It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



Regards,
Georgi

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users