Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Problem still unresolved


  • This topic is locked This topic is locked
11 replies to this topic

#1 Choo Yeung

Choo Yeung

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 29 April 2011 - 09:31 PM

Here's what has been done so far.

http://www.bleepingcomputer.com/forums/topic393856.html

Basically:

TDSS revealed nothing

MBAM found one file, removed it

Changed/Flushed/Restarted my DNS info, router, and even established new router passwords et al.

Google is still redirecting me (usually the URL appears briefly with 'goingonearth.com......') then it redirects to a random search page or anti-virus/ad ware site. My google search bar states that the Google Instant is not available.

No other major problems... just really annoying.

Here's the DDS Log.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Choo Yeung at 22:23:04.39 on 29/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6143.4201 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Choo Yeung\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Edit/Remove the Ravenwood Fair Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Edit/Remove the Ravenwood Fair Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [Google Update] "C:\Users\Choo Yeung\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [SansaDispatch] C:\Users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
IE-X64: {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CHOOYE~1\AppData\Roaming\Mozilla\Firefox\Profiles\dbyxpcx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Choo Yeung\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Choo Yeung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Choo Yeung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-31 273488]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-4 203776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-31 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-31 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-20 40384]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-6-5 315392]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-4 8283136]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-4 294400]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-31 215040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-12-31 1196032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-4-13 13352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-31 30192]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-1-1 150528]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-30 02:08:04 -------- d-----w- C:\Users\CHOOYE~1\AppData\Local\Microsoft Games
2011-04-28 20:31:06 -------- d-----w- C:\Program Files (x86)\Gazillionaire III
2011-04-28 20:30:22 -------- d-----w- C:\PROGRA~3\Big Fish Games
2011-04-28 20:30:20 -------- d-----w- C:\Program Files (x86)\bfgclient
2011-04-28 20:29:15 -------- d-----w- C:\BigFishGamesCache
2011-04-27 15:06:31 -------- d-----w- C:\Users\CHOOYE~1\AppData\Local\{DA2754E8-5BF4-40A7-8656-9D86B6E34E26}
2011-04-26 19:26:04 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-04-26 18:43:28 -------- d-----w- C:\Program Files\CCleaner
2011-04-26 14:21:48 -------- d-----w- C:\Program Files (x86)\ESET
2011-04-26 14:06:19 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-04-26 14:05:42 -------- d-----w- C:\Users\CHOOYE~1\AppData\Local\Sunbelt Software
2011-04-26 14:04:59 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-04-25 17:16:45 -------- d-----w- C:\Users\CHOOYE~1\AppData\Roaming\Malwarebytes
2011-04-25 17:16:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 17:16:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-25 17:16:29 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-25 17:16:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-25 16:21:48 93184 --sha-r- C:\Windows\SysWow64\unimdmatd.dll
2011-04-24 20:33:35 -------- d-----w- C:\PROGRA~3\Trymedia
2011-04-22 13:50:53 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{EC4DA8B9-8908-4FB1-A05D-FD63FA510E34}\mpengine.dll
2011-04-21 02:00:00 -------- d-----w- C:\Program Files\iPod
2011-04-21 01:59:59 -------- d-----w- C:\Program Files\iTunes
2011-04-21 01:59:59 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-21 01:58:42 -------- d-----w- C:\Program Files\Bonjour
2011-04-21 01:58:42 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-13 23:13:05 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-13 23:13:05 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-13 23:13:04 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-13 23:13:03 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-13 12:06:11 27176 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2011-04-13 12:06:11 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-04-13 12:06:11 13352 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2011-04-07 23:20:15 -------- d-----w- C:\PROGRA~3\Media Center Programs
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 20:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
==================== Find3M ====================
.
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:23:56.34 ===============

Edited by Choo Yeung, 29 April 2011 - 09:32 PM.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 06 May 2011 - 01:02 PM

Hi Choo Yeung, and welcome to Bleeping Computer.

Ok, let's dig deeper!..

Firstly,
Download aswMBR.exe ( 511KB ) to your Desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click Save Log, save it to your Desktop and post in your next reply.
Note: if anything is found, do not perform a fix yet!

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Choo Yeung

Choo Yeung
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 07 May 2011 - 07:56 PM

Hi snemelk,

Glad to see a response. Must be busy! Let's do this!

Here's the log from aswMBR:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-07 20:54:05
-----------------------------
20:54:05.402 OS Version: Windows x64 6.1.7600
20:54:05.402 Number of processors: 4 586 0x170A
20:54:05.402 ComputerName: CY-DESKTOP UserName: Choo Yeung
20:54:06.541 Initialize success
20:54:11.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:54:11.751 Disk 0 Vendor: WDC_WD5000AAKS-22V1A0 05.01D05 Size: 476940MB BusType: 3
20:54:11.751 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-6
20:54:11.751 Disk 1 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
20:54:11.751 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
20:54:11.751 Disk 2 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
20:54:13.795 Disk 0 MBR read successfully
20:54:13.795 Disk 0 MBR scan
20:54:13.795 Disk 0 Windows 7 default MBR code
20:54:13.795 Service scanning
20:54:15.168 Disk 0 trace - called modules:
20:54:15.168 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:54:15.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800626d060]
20:54:15.183 3 CLASSPNP.SYS[fffff880018b943f] -> nt!IofCallDriver -> [0xfffffa8005ff4520]
20:54:15.261 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005fdc680]
20:54:15.261 Scan finished successfully
20:54:28.163 Disk 0 MBR has been saved successfully to "C:\Users\Choo Yeung\Desktop\MBR.dat"
20:54:28.163 The log file has been saved successfully to "C:\Users\Choo Yeung\Desktop\aswMBR.txt"

#4 Choo Yeung

Choo Yeung
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 07 May 2011 - 08:06 PM

Here is the OTL log:

OTL logfile created on: 07/05/2011 8:57:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Choo Yeung\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 126.02 Gb Free Space | 27.06% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 402.39 Gb Free Space | 43.20% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 356.27 Gb Free Space | 38.25% Space Free | Partition Type: NTFS

Computer Name: CY-DESKTOP | User Name: Choo Yeung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 20:54:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Choo Yeung\Desktop\OTL.exe
PRC - [2011/03/08 22:20:31 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/02/28 16:15:30 | 000,427,008 | ---- | M] (Sony Ericsson) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/02 20:38:38 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/06/05 13:12:44 | 000,315,392 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/06/04 16:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 20:54:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Choo Yeung\Desktop\OTL.exe
MOD - [2011/01/20 20:52:00 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/04 22:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/03 17:54:17 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/11 17:29:30 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/01/02 20:38:38 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 21:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 13:12:44 | 000,315,392 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/13 08:06:11 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/04/13 08:06:11 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/13 04:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/01/07 17:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/01/06 20:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/01/04 23:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/01/04 23:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/04 22:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/21 18:14:24 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/07 23:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/04/29 19:06:51 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 09:17:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 08:02:39 | 000,000,000 | ---D | M]

[2011/02/10 13:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Choo Yeung\AppData\Roaming\Mozilla\Extensions
[2011/02/10 13:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Choo Yeung\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2011/03/23 08:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Choo Yeung\AppData\Roaming\Mozilla\Firefox\Profiles\dbyxpcx5.default\extensions
[2011/02/19 12:44:06 | 000,000,000 | ---D | M] (Edit/Remove the Ravenwood Fair Toolbar) -- C:\Users\Choo Yeung\AppData\Roaming\Mozilla\Firefox\Profiles\dbyxpcx5.default\extensions\toolbar@ask.com
[2011/03/24 08:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/01 09:58:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/31 18:00:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 22:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/29 09:17:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 20:54:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Choo Yeung\Desktop\OTL.exe
[2011/05/07 20:53:47 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Choo Yeung\Desktop\aswMBR.exe
[2011/05/04 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Local\{A0AA98AB-32C9-435D-83ED-CCFD9552FBFD}
[2011/05/03 13:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison
[2011/05/03 13:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avery Dennison
[2011/05/03 13:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
[2011/05/03 12:58:44 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.027
[2011/05/03 12:58:43 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026
[2011/05/03 12:58:39 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025
[2011/05/03 12:58:38 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024
[2011/05/03 12:58:38 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020
[2011/05/03 12:58:38 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021
[2011/05/03 12:58:38 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022
[2011/05/03 12:58:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023
[2011/05/03 12:45:44 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E
[2011/05/03 12:45:44 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F
[2011/05/03 12:45:41 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C
[2011/05/03 12:45:41 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.018
[2011/05/03 12:45:41 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D
[2011/05/03 12:45:41 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.019
[2011/05/03 12:45:41 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01A
[2011/05/03 12:45:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01B
[2011/05/03 12:44:15 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.016
[2011/05/03 12:44:15 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.017
[2011/05/03 12:44:12 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.014
[2011/05/03 12:44:12 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.010
[2011/05/03 12:44:12 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.015
[2011/05/03 12:44:12 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.011
[2011/05/03 12:44:12 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.012
[2011/05/03 12:44:12 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.013
[2011/05/03 12:40:25 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00E
[2011/05/03 12:40:25 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00F
[2011/05/03 12:40:22 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00C
[2011/05/03 12:40:22 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.008
[2011/05/03 12:40:22 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00D
[2011/05/03 12:40:22 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.009
[2011/05/03 12:40:22 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00A
[2011/05/03 12:40:22 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00B
[2011/05/03 12:27:09 | 001,136,128 | ---- | C] (Smart Projects - Stomp Inc) -- C:\Windows\SysWow64\stmpcdtx.dll
[2011/05/03 12:27:09 | 000,929,844 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42d.dll
[2011/05/03 12:27:09 | 000,798,773 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfco42d.dll
[2011/05/03 12:27:09 | 000,516,173 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcp60d.dll
[2011/05/03 12:27:09 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcrtd.dll
[2011/05/03 12:27:09 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006
[2011/05/03 12:27:09 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007
[2011/05/03 12:27:09 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msflxgrd.ocx
[2011/05/03 12:27:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\Pcdlib32.dll
[2011/05/03 12:27:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2011/05/03 12:27:08 | 001,040,384 | ---- | C] (Sub Systems, Inc. ) -- C:\Windows\SysWow64\Ter32.dll
[2011/05/03 12:27:07 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2011/05/03 12:27:07 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2011/05/03 12:27:07 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2011/05/03 12:27:07 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2011/05/03 12:27:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2011/05/03 12:27:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2011/05/03 12:27:06 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2011/05/03 12:27:06 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2011/05/03 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Click'N Design 3D (V5)
[2011/05/03 12:17:13 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Roaming\Avery
[2011/04/29 22:08:04 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Local\Microsoft Games
[2011/04/28 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gazillionaire III
[2011/04/28 16:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gazillionaire III
[2011/04/28 16:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/04/28 16:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2011/04/28 16:29:15 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2011/04/28 09:19:50 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Choo Yeung\Desktop\mbam-setup.exe
[2011/04/27 21:41:34 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 21:41:34 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 21:41:33 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 21:41:33 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 21:41:22 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 21:41:22 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 21:41:21 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 21:41:21 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 21:41:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 21:41:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 21:41:21 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 21:41:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 21:41:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/27 11:06:31 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Local\{DA2754E8-5BF4-40A7-8656-9D86B6E34E26}
[2011/04/27 09:07:04 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Desktop\Adware Virus Removal
[2011/04/26 14:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/26 14:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/26 10:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/26 10:06:19 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/04/26 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Local\Sunbelt Software
[2011/04/26 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/04/26 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/26 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/04/25 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\AppData\Roaming\Malwarebytes
[2011/04/25 13:16:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/25 13:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 13:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/25 13:16:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/25 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/24 16:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/04/20 22:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/20 22:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/20 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/20 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/04/20 21:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/20 21:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/16 13:55:58 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Desktop\Firefly
[2011/04/13 19:13:05 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/13 19:13:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/13 19:13:04 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/13 19:13:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/13 19:13:04 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/13 19:12:57 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/13 19:12:57 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/13 19:12:56 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/13 19:12:56 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/13 19:12:53 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/13 19:12:53 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/13 19:12:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/13 19:12:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/13 19:12:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/13 19:12:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/13 19:12:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/13 19:12:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/13 19:12:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/13 19:12:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/13 19:12:38 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/13 19:12:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/13 19:12:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/13 19:12:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/13 19:12:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/13 19:12:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/13 19:12:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/13 19:12:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/13 19:12:32 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/13 19:12:32 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/13 19:12:32 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/13 19:12:31 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/13 19:12:31 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/13 19:12:31 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/13 19:12:31 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/13 19:12:28 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/13 19:12:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/13 19:12:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 19:12:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/13 08:06:11 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011/04/13 08:06:11 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011/04/13 08:06:11 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2011/04/11 19:36:38 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Documents\BioWare
[2011/04/10 20:15:06 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Desktop\101ND200
[2011/04/08 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Desktop\Martina Nikolic
[2011/04/08 15:23:06 | 000,000,000 | ---D | C] -- C:\Users\Choo Yeung\Desktop\Lisa Melo
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 20:58:58 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/05/07 20:56:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000UA.job
[2011/05/07 20:54:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Choo Yeung\Desktop\OTL.exe
[2011/05/07 20:54:28 | 000,000,512 | ---- | M] () -- C:\Users\Choo Yeung\Desktop\MBR.dat
[2011/05/07 20:53:48 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Choo Yeung\Desktop\aswMBR.exe
[2011/05/07 20:16:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 18:24:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 18:24:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 18:16:23 | 000,000,324 | -HS- | M] () -- C:\Windows\tasks\snyvvw.job
[2011/05/07 18:15:07 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 09:33:48 | 000,080,133 | ---- | M] () -- C:\Users\Choo Yeung\Desktop\Transaction Detail - ACI Canadian Institute.pdf
[2011/05/04 18:47:19 | 005,006,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/03 14:03:05 | 000,015,196 | -H-- | M] () -- C:\Users\Choo Yeung\Documents\clthumbs.zdx
[2011/05/03 14:03:05 | 000,000,113 | -H-- | M] () -- C:\Users\Choo Yeung\Documents\clipart.zdx
[2011/05/02 07:56:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000Core.job
[2011/04/30 13:43:40 | 000,892,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/30 13:43:40 | 000,746,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/30 13:43:40 | 000,154,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/29 22:22:24 | 000,625,664 | ---- | M] () -- C:\Users\Choo Yeung\Desktop\dds.scr
[2011/04/29 22:21:46 | 000,000,000 | ---- | M] () -- C:\Users\Choo Yeung\defogger_reenable
[2011/04/29 22:21:32 | 000,050,477 | ---- | M] () -- C:\Users\Choo Yeung\Desktop\Defogger.exe
[2011/04/29 19:06:51 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/29 09:17:28 | 000,002,052 | ---- | M] () -- C:\Users\Choo Yeung\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 16:31:13 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\Play Gazillionaire III.lnk
[2011/04/28 16:30:42 | 000,000,983 | ---- | M] () -- C:\Users\Choo Yeung\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/04/28 09:20:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:19:57 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Choo Yeung\Desktop\mbam-setup.exe
[2011/04/26 14:50:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 14:50:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/26 14:49:31 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/04/26 10:28:27 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/26 10:06:19 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/04/25 12:21:48 | 000,093,184 | RHS- | M] () -- C:\Windows\SysWow64\unimdmatd.dll
[2011/04/21 16:27:50 | 000,034,967 | ---- | M] () -- C:\Users\Choo Yeung\Documents\CYYao.jpg
[2011/04/14 11:13:11 | 000,085,055 | ---- | M] () -- C:\Users\Choo Yeung\Documents\Therapeutic Modalities - The Art and the Science - TENS Therapy.JPG
[2011/04/13 08:40:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011/04/13 08:40:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011/04/13 08:06:11 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011/04/13 08:06:11 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011/04/13 08:06:11 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 20:54:28 | 000,000,512 | ---- | C] () -- C:\Users\Choo Yeung\Desktop\MBR.dat
[2011/05/06 09:33:46 | 000,080,133 | ---- | C] () -- C:\Users\Choo Yeung\Desktop\Transaction Detail - ACI Canadian Institute.pdf
[2011/05/03 14:03:05 | 000,015,196 | -H-- | C] () -- C:\Users\Choo Yeung\Documents\clthumbs.zdx
[2011/05/03 14:03:04 | 000,000,113 | -H-- | C] () -- C:\Users\Choo Yeung\Documents\clipart.zdx
[2011/05/03 12:27:09 | 001,999,872 | ---- | C] () -- C:\Windows\SysWow64\Msvcp60.pdb
[2011/05/03 12:27:09 | 001,442,816 | ---- | C] () -- C:\Windows\SysWow64\Msvcp60d.pdb
[2011/05/03 12:27:09 | 000,594,900 | ---- | C] () -- C:\Windows\SysWow64\vbogl.tlb
[2011/05/03 12:27:09 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cdTextCtl.dll
[2011/05/03 12:27:09 | 000,006,114 | ---- | C] () -- C:\Windows\SysWow64\SHELLLNK.TLB
[2011/05/03 12:27:09 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\ISWin32.tlb
[2011/05/03 12:27:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\Toc.ocx
[2011/04/29 22:22:20 | 000,625,664 | ---- | C] () -- C:\Users\Choo Yeung\Desktop\dds.scr
[2011/04/29 22:21:46 | 000,000,000 | ---- | C] () -- C:\Users\Choo Yeung\defogger_reenable
[2011/04/29 22:21:31 | 000,050,477 | ---- | C] () -- C:\Users\Choo Yeung\Desktop\Defogger.exe
[2011/04/28 16:31:13 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\Play Gazillionaire III.lnk
[2011/04/28 16:30:42 | 000,000,983 | ---- | C] () -- C:\Users\Choo Yeung\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/04/28 16:30:23 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/04/28 16:30:23 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/04/28 09:20:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 15:26:04 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/26 10:28:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/26 10:07:54 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/04/26 10:06:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 10:06:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/25 12:21:48 | 000,093,184 | RHS- | C] () -- C:\Windows\SysWow64\unimdmatd.dll
[2011/04/25 12:21:48 | 000,000,324 | -HS- | C] () -- C:\Windows\tasks\snyvvw.job
[2011/04/21 16:26:13 | 000,034,967 | ---- | C] () -- C:\Users\Choo Yeung\Documents\CYYao.jpg
[2011/04/14 11:13:10 | 000,085,055 | ---- | C] () -- C:\Users\Choo Yeung\Documents\Therapeutic Modalities - The Art and the Science - TENS Therapy.JPG
[2011/04/13 08:40:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011/04/13 08:40:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011/02/23 21:30:29 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/09 22:51:42 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/09 22:51:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/09 22:51:42 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/09 22:51:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/09 22:51:42 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/09 22:51:42 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/09 22:51:42 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/09 22:51:42 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/09 22:51:42 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/09 22:51:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/09 22:51:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/09 22:51:42 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/09 22:51:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/09 22:51:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/09 22:51:42 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/09 22:51:42 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/02/08 09:07:36 | 000,000,132 | ---- | C] () -- C:\Users\Choo Yeung\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/27 10:45:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/01/05 14:20:49 | 000,007,602 | ---- | C] () -- C:\Users\Choo Yeung\AppData\Local\resmon.resmoncfg
[2011/01/02 20:38:38 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/01/02 20:38:38 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/02 20:38:38 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/01 17:18:22 | 000,900,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/01 10:55:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Devices
[2011/01/01 10:55:59 | 000,000,268 | RH-- | C] () -- C:\Users\Choo Yeung\AppData\Roaming\Limiter
[2011/01/01 10:55:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/01/01 10:55:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011/01/01 10:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/12/31 15:54:31 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/12/31 15:54:31 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/12/31 15:54:25 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/31 15:54:25 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/12/31 15:42:01 | 000,022,079 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/31 15:41:26 | 000,015,968 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/31 14:14:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/15 15:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:23:40 | 000,032,770 | ---- | C] () -- C:\Windows\SysWow64\vetank_.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/31 17:11:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/05/07 20:58:58 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/05/07 18:15:07 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 18:15:09 | 2146,492,415 | -HS- | M] () -- C:\pagefile.sys
[2011/04/26 15:32:02 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2010/12/31 15:55:47 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2011/04/27 07:55:26 | 000,064,396 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_07.52.31_log.txt
[2011/04/28 16:20:10 | 000,064,396 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_16.19.48_log.txt
[2009/07/06 23:03:24 | 000,009,392 | -H-- | M] () -- C:\version

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1226FEE8

< End of report >

Here is the Extras log:

OTL Extras logfile created on: 07/05/2011 8:57:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Choo Yeung\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 126.02 Gb Free Space | 27.06% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 402.39 Gb Free Space | 43.20% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 356.27 Gb Free Space | 38.25% Space Free | Partition Type: NTFS

Computer Name: CY-DESKTOP | User Name: Choo Yeung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}" = WMV9/VC-1 Video Playback
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{B95653AB-0E7F-204A-3226-17E9F38E6951}" = AMD Drag and Drop Transcoding
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{D00E997B-D651-4ec9-B02A-BC8F867CA98C}" = Canon MF4500 Series
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.134
"ImageMagick 6.6.6 Q16_is1" = ImageMagick 6.6.6-9 Q16 (2011-01-01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF7EE11-49F5-B47E-1E5A-76E2B9A76EF7}" = Zinio Reader 4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Gazillionaire III" = Gazillionaire III
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"ESET Online Scanner" = ESET Online Scanner v3
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"PunkBusterSvc" = PunkBuster Services
"Steam App 15100" = Assassin's Creed
"Steam App 17300" = Crysis
"Steam App 17460" = Mass Effect
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 48950" = Greed Corp
"Steam App 8980" = Borderlands
"Update Engine" = Sony Ericsson Update Engine
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"176B617376BCB7476A46D45F0C90807519F9A753" = Monster Resume Easy Submit
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/05/2011 6:34:58 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgosweep.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/05/2011 6:35:48 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 04/05/2011 8:28:27 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgocvt.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/05/2011 8:28:39 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgomgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/05/2011 8:28:56 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgosweep.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/05/2011 8:31:12 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 07/05/2011 6:46:41 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgocvt.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 6:46:53 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgomgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 6:47:01 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 9.0\VC\bin\ia64\pgosweep.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 6:47:50 PM | Computer Name = CY-Desktop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ Media Center Events ]
Error - 20/02/2011 7:53:19 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 6:53:18 AM - Error connecting to the internet. 6:53:18 AM - Unable
to contact server..

Error - 20/02/2011 8:53:24 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 7:53:23 AM - Error connecting to the internet. 7:53:23 AM - Unable
to contact server..

Error - 20/02/2011 9:53:29 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 8:53:28 AM - Error connecting to the internet. 8:53:28 AM - Unable
to contact server..

Error - 20/02/2011 10:53:34 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 9:53:33 AM - Error connecting to the internet. 9:53:33 AM - Unable
to contact server..

Error - 22/02/2011 7:19:17 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 6:19:13 AM - Error connecting to the internet. 6:19:13 AM - Unable
to contact server..

Error - 22/02/2011 8:19:22 AM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 7:19:21 AM - Error connecting to the internet. 7:19:21 AM - Unable
to contact server..

Error - 22/02/2011 7:36:40 PM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 6:36:40 PM - Error connecting to the internet. 6:36:40 PM - Unable
to contact server..

Error - 22/02/2011 7:36:47 PM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 6:36:45 PM - Error connecting to the internet. 6:36:45 PM - Unable
to contact server..

Error - 22/02/2011 8:36:52 PM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 7:36:52 PM - Error connecting to the internet. 7:36:52 PM - Unable
to contact server..

Error - 22/02/2011 8:36:59 PM | Computer Name = CY-Desktop | Source = MCUpdate | ID = 0
Description = 7:36:57 PM - Error connecting to the internet. 7:36:57 PM - Unable
to contact server..

[ System Events ]
Error - 27/04/2011 10:43:43 PM | Computer Name = CY-Desktop | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error - 27/04/2011 10:43:43 PM | Computer Name = CY-Desktop | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error - 27/04/2011 10:43:43 PM | Computer Name = CY-Desktop | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error - 27/04/2011 10:43:43 PM | Computer Name = CY-Desktop | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error - 29/04/2011 7:06:07 PM | Computer Name = CY-Desktop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 29/04/2011 7:06:25 PM | Computer Name = CY-Desktop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 29/04/2011 7:06:52 PM | Computer Name = CY-Desktop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 30/04/2011 1:13:06 PM | Computer Name = CY-Desktop | Source = DCOM | ID = 10001
Description =

Error - 02/05/2011 8:59:45 PM | Computer Name = CY-Desktop | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error - 03/05/2011 1:07:28 PM | Computer Name = CY-Desktop | Source = DCOM | ID = 10001
Description =


< End of report >

#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 08 May 2011 - 06:16 PM

Hi again Choo Yeung!!.. :)

I took a quick glance at the logs you've posted - ok, two malicious files are clearly visible, and they're the culprit here...
[2011/04/25 12:21:48 | 000,093,184 | RHS- | C] () -- C:\Windows\SysWow64\unimdmatd.dll
[2011/04/25 12:21:48 | 000,000,324 | -HS- | C] () -- C:\Windows\tasks\snyvvw.job

Please run this tool for me:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Choo Yeung

Choo Yeung
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 08 May 2011 - 07:23 PM

Here it is! I also followed the disabling of AV stuff... but apparently Avast was running an update program of sorts.

Hope that didn't cause a problem.

ComboFix 11-05-08.02 - Choo Yeung 08/05/2011 20:08:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6143.4372 [GMT -4:00]
Running from: c:\users\Choo Yeung\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-04 23:26 . 2011-05-04 23:26 -------- d-----w- c:\users\Choo Yeung\AppData\Local\{A0AA98AB-32C9-435D-83ED-CCFD9552FBFD}
2011-05-03 17:08 . 2011-05-03 17:08 -------- d-----w- c:\program files (x86)\Avery Dennison
2011-05-03 17:07 . 2011-05-03 17:08 -------- d-----w- c:\programdata\Avery
2011-05-03 16:58 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.027
2011-05-03 16:58 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.026
2011-05-03 16:58 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.025
2011-05-03 16:58 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.023
2011-05-03 16:58 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.021
2011-05-03 16:58 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.020
2011-05-03 16:58 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.022
2011-05-03 16:58 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.024
2011-05-03 16:50 . 2009-07-14 01:15 406528 ----a-w- c:\windows\SysWow64\~GLU0000.TMP
2011-05-03 16:50 . 2009-07-14 01:15 253952 ----a-w- c:\windows\SysWow64\~GLU0001.TMP
2011-05-03 16:45 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.01E
2011-05-03 16:45 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.01F
2011-05-03 16:45 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.01D
2011-05-03 16:45 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.01B
2011-05-03 16:45 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.019
2011-05-03 16:45 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.018
2011-05-03 16:45 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.01A
2011-05-03 16:45 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.01C
2011-05-03 16:44 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.016
2011-05-03 16:44 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.017
2011-05-03 16:44 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.015
2011-05-03 16:44 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.013
2011-05-03 16:44 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.011
2011-05-03 16:44 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.010
2011-05-03 16:44 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.012
2011-05-03 16:44 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.014
2011-05-03 16:40 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.00E
2011-05-03 16:40 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.00F
2011-05-03 16:40 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.00D
2011-05-03 16:40 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.00B
2011-05-03 16:40 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.009
2011-05-03 16:40 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.008
2011-05-03 16:40 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.00A
2011-05-03 16:40 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.00C
2011-05-03 16:17 . 2011-05-03 16:17 53248 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}\ARPPRODUCTICON.exe
2011-05-03 16:17 . 2011-05-03 16:18 -------- d-----w- c:\users\Choo Yeung\AppData\Roaming\Avery
2011-04-30 02:08 . 2011-04-30 02:16 -------- d-----w- c:\users\Choo Yeung\AppData\Local\Microsoft Games
2011-04-28 20:31 . 2011-04-28 20:31 -------- d-----w- c:\program files (x86)\Gazillionaire III
2011-04-28 20:30 . 2011-04-28 20:30 -------- d-----w- c:\programdata\Big Fish Games
2011-04-28 20:30 . 2011-04-28 20:30 -------- d-----w- c:\program files (x86)\bfgclient
2011-04-28 20:29 . 2011-04-28 20:30 -------- d-----w- C:\BigFishGamesCache
2011-04-27 15:06 . 2011-04-27 15:06 -------- d-----w- c:\users\Choo Yeung\AppData\Local\{DA2754E8-5BF4-40A7-8656-9D86B6E34E26}
2011-04-26 19:26 . 2011-04-29 23:06 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\program files\CCleaner
2011-04-26 14:21 . 2011-04-26 14:21 -------- d-----w- c:\program files (x86)\ESET
2011-04-26 14:06 . 2011-04-26 14:06 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-26 14:05 . 2011-04-26 14:05 -------- d-----w- c:\users\Choo Yeung\AppData\Local\Sunbelt Software
2011-04-26 14:04 . 2011-04-26 18:51 -------- d-----w- c:\programdata\Lavasoft
2011-04-26 14:04 . 2011-04-26 14:04 -------- d-----w- c:\program files (x86)\Lavasoft
2011-04-25 17:16 . 2011-04-25 17:16 -------- d-----w- c:\users\Choo Yeung\AppData\Roaming\Malwarebytes
2011-04-25 17:16 . 2011-04-25 17:16 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 17:16 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 17:16 . 2011-04-28 13:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 17:16 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 16:21 . 2011-04-25 16:21 93184 --sha-r- c:\windows\SysWow64\unimdmatd.dll
2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\programdata\Trymedia
2011-04-22 13:50 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4DA8B9-8908-4FB1-A05D-FD63FA510E34}\mpengine.dll
2011-04-21 02:00 . 2011-04-21 02:00 -------- d-----w- c:\program files\iPod
2011-04-21 01:59 . 2011-04-21 02:00 -------- d-----w- c:\program files\iTunes
2011-04-21 01:59 . 2011-04-21 02:00 -------- d-----w- c:\program files (x86)\iTunes
2011-04-21 01:58 . 2011-04-21 01:58 -------- d-----w- c:\program files\Bonjour
2011-04-21 01:58 . 2011-04-21 01:58 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-13 23:13 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 23:13 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 23:13 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 23:13 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 12:06 . 2011-04-13 12:06 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-04-13 12:06 . 2011-04-13 12:06 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-04-13 12:06 . 2011-04-13 12:06 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-30 15:14 . 2011-03-30 15:14 65536 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}\NewShortcut3_CA8B0FB969D04B5083427CF0C96F10E6.exe
2011-03-30 15:14 . 2011-03-30 15:14 65536 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}\NewShortcut2_CA8B0FB969D04B5083427CF0C96F10E6.exe
2011-03-11 13:12 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:17 . 2011-04-28 01:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 01:41 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-02 16:52 . 2011-03-02 16:52 620851 ----a-w- c:\windows\P5Q-ASUS-SE-PLUS-2204.zip
2011-02-23 01:37 . 2011-01-01 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-02-23 01:37 . 2011-01-01 14:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-23 01:37 . 2011-01-01 14:45 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-19 06:37 . 2011-03-09 19:27 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 19:27 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 19:27 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 19:27 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:27 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 00:25 . 2011-02-18 00:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-02-18 00:25 . 2011-01-04 02:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-18 00:24 . 2011-01-04 02:53 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-01-03 00:15 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-01-03 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-02-28 427008]
"SansaDispatch"="c:\users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-09 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 2157056]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-31 30192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-31 30192]
R3 Normandy;Normandy SR2; [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-06-05 315392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000Core.job
- c:\users\Choo Yeung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 16:36]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000UA.job
- c:\users\Choo Yeung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 16:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Choo Yeung\AppData\Roaming\Mozilla\Firefox\Profiles\dbyxpcx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,18,16,64,c2,04,2f,cf,73,4b,e0,84,e0,4d,4d,c0,a2,05,42,20,30,
b7,ee,c8,41,0d,46,42,07,77,e6,81,f8,c0,50,11,98,7f,d4,42,d0,f9,8e,29,21,e0,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-08 20:17:35
ComboFix-quarantined-files.txt 2011-05-09 00:17
.
Pre-Run: 134,318,145,536 bytes free
Post-Run: 134,050,639,872 bytes free
.
- - End Of File - - 433E89E7E7D7EC01F90173954103D9F0

#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 09 May 2011 - 09:16 AM

Hi again Choo Yeung!!.. :)

Let's run a script with ComboFix to delete these malicious files:

Firstly,
I see you have this toolbar installed:
Ask Toolbar - bundled with many third party applications... I recommend you uninstall it... For more information, see the notes here: Products with Ask Toolbar

If you decide, use: Start -> Control Panel -> Programs and Features

Secondly,
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


3. Open Notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic394524.html

Collect::
C:\Windows\SysWow64\unimdmatd.dll
C:\Windows\tasks\snyvvw.job

Save this as CFScript.txt


Posted Image


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 Choo Yeung

Choo Yeung
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 11 May 2011 - 09:27 PM

Here we go!

ComboFix 11-05-08.02 - Choo Yeung 11/05/2011 22:09:52.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6143.4403 [GMT -4:00]
Running from: c:\users\Choo Yeung\Desktop\ComboFix.exe
Command switches used :: c:\users\Choo Yeung\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\unimdmatd.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 02:19 . 2011-05-12 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-11 01:25 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 01:25 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 01:25 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 01:25 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 01:25 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 01:25 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 01:25 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 01:25 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 01:25 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 01:25 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-04 23:26 . 2011-05-04 23:26 -------- d-----w- c:\users\Choo Yeung\AppData\Local\{A0AA98AB-32C9-435D-83ED-CCFD9552FBFD}
2011-05-03 17:08 . 2011-05-03 17:08 -------- d-----w- c:\program files (x86)\Avery Dennison
2011-05-03 17:07 . 2011-05-03 17:08 -------- d-----w- c:\programdata\Avery
2011-05-03 16:58 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.027
2011-05-03 16:58 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.026
2011-05-03 16:58 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.025
2011-05-03 16:58 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.023
2011-05-03 16:58 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.021
2011-05-03 16:58 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.020
2011-05-03 16:58 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.022
2011-05-03 16:58 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.024
2011-05-03 16:50 . 2009-07-14 01:15 406528 ----a-w- c:\windows\SysWow64\~GLU0000.TMP
2011-05-03 16:50 . 2009-07-14 01:15 253952 ----a-w- c:\windows\SysWow64\~GLU0001.TMP
2011-05-03 16:45 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.01E
2011-05-03 16:45 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.01F
2011-05-03 16:45 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.01D
2011-05-03 16:45 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.01B
2011-05-03 16:45 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.019
2011-05-03 16:45 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.018
2011-05-03 16:45 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.01A
2011-05-03 16:45 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.01C
2011-05-03 16:44 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.016
2011-05-03 16:44 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.017
2011-05-03 16:44 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.015
2011-05-03 16:44 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.013
2011-05-03 16:44 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.011
2011-05-03 16:44 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.010
2011-05-03 16:44 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.012
2011-05-03 16:44 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.014
2011-05-03 16:40 . 2000-08-29 00:00 401462 ----a-w- c:\windows\SysWow64\temp.00E
2011-05-03 16:40 . 1999-12-07 08:00 253952 ----a-w- c:\windows\SysWow64\temp.00F
2011-05-03 16:40 . 2001-03-13 17:53 326656 ----a-w- c:\windows\SysWow64\temp.00D
2011-05-03 16:40 . 2001-03-13 17:47 17920 ----a-w- c:\windows\SysWow64\temp.00B
2011-05-03 16:40 . 2001-03-13 17:47 164112 ----a-w- c:\windows\SysWow64\temp.009
2011-05-03 16:40 . 2001-03-13 17:47 598288 ----a-w- c:\windows\SysWow64\temp.008
2011-05-03 16:40 . 2001-03-13 17:45 147728 ----a-w- c:\windows\SysWow64\temp.00A
2011-05-03 16:40 . 2000-08-21 00:00 1388544 ----a-w- c:\windows\SysWow64\temp.00C
2011-05-03 16:17 . 2011-05-03 16:17 53248 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}\ARPPRODUCTICON.exe
2011-05-03 16:17 . 2011-05-03 16:18 -------- d-----w- c:\users\Choo Yeung\AppData\Roaming\Avery
2011-04-30 02:08 . 2011-04-30 02:16 -------- d-----w- c:\users\Choo Yeung\AppData\Local\Microsoft Games
2011-04-28 20:31 . 2011-04-28 20:31 -------- d-----w- c:\program files (x86)\Gazillionaire III
2011-04-28 20:30 . 2011-04-28 20:30 -------- d-----w- c:\programdata\Big Fish Games
2011-04-28 20:30 . 2011-04-28 20:30 -------- d-----w- c:\program files (x86)\bfgclient
2011-04-28 20:29 . 2011-04-28 20:30 -------- d-----w- C:\BigFishGamesCache
2011-04-27 15:06 . 2011-04-27 15:06 -------- d-----w- c:\users\Choo Yeung\AppData\Local\{DA2754E8-5BF4-40A7-8656-9D86B6E34E26}
2011-04-26 19:26 . 2011-04-29 23:06 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\program files\CCleaner
2011-04-26 14:21 . 2011-04-26 14:21 -------- d-----w- c:\program files (x86)\ESET
2011-04-26 14:06 . 2011-04-26 14:06 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-26 14:05 . 2011-04-26 14:05 -------- d-----w- c:\users\Choo Yeung\AppData\Local\Sunbelt Software
2011-04-26 14:04 . 2011-04-26 18:51 -------- d-----w- c:\programdata\Lavasoft
2011-04-26 14:04 . 2011-04-26 14:04 -------- d-----w- c:\program files (x86)\Lavasoft
2011-04-25 17:16 . 2011-04-25 17:16 -------- d-----w- c:\users\Choo Yeung\AppData\Roaming\Malwarebytes
2011-04-25 17:16 . 2011-04-25 17:16 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 17:16 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-25 17:16 . 2011-04-28 13:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 17:16 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-24 20:33 . 2011-04-24 20:33 -------- d-----w- c:\programdata\Trymedia
2011-04-22 13:50 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4DA8B9-8908-4FB1-A05D-FD63FA510E34}\mpengine.dll
2011-04-21 02:00 . 2011-04-21 02:00 -------- d-----w- c:\program files\iPod
2011-04-21 01:59 . 2011-04-21 02:00 -------- d-----w- c:\program files\iTunes
2011-04-21 01:59 . 2011-04-21 02:00 -------- d-----w- c:\program files (x86)\iTunes
2011-04-21 01:58 . 2011-04-21 01:58 -------- d-----w- c:\program files\Bonjour
2011-04-21 01:58 . 2011-04-21 01:58 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-13 23:13 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 23:13 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 23:13 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 23:13 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 12:06 . 2011-04-13 12:06 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-04-13 12:06 . 2011-04-13 12:06 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-04-13 12:06 . 2011-04-13 12:06 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-30 15:14 . 2011-03-30 15:14 65536 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}\NewShortcut3_CA8B0FB969D04B5083427CF0C96F10E6.exe
2011-03-30 15:14 . 2011-03-30 15:14 65536 ----a-r- c:\users\Choo Yeung\AppData\Roaming\Microsoft\Installer\{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}\NewShortcut2_CA8B0FB969D04B5083427CF0C96F10E6.exe
2011-03-11 13:12 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:17 . 2011-04-28 01:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 01:41 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-02 16:52 . 2011-03-02 16:52 620851 ----a-w- c:\windows\P5Q-ASUS-SE-PLUS-2204.zip
2011-02-23 01:37 . 2011-01-01 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-02-23 01:37 . 2011-01-01 14:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-23 01:37 . 2011-01-01 14:45 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-19 06:37 . 2011-03-09 19:27 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 19:27 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 19:27 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 19:27 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:27 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 00:25 . 2011-02-18 00:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-02-18 00:25 . 2011-01-04 02:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-18 00:24 . 2011-01-04 02:53 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-09_00.15.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-09 00:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-12 02:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-12 02:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-09 00:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-09 00:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-12 02:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-31 19:52 . 2011-05-11 22:38 31090 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-12 02:23 31916 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-08 16:05 31916 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-04-28 02:54 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-05-11 22:34 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-11 01:25 . 2011-03-25 03:22 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbuhci.sys
+ 2011-05-11 01:25 . 2011-03-25 03:22 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbohci.sys
+ 2011-05-11 01:25 . 2011-03-25 03:22 52224 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbehci.sys
+ 2011-05-11 01:25 . 2011-03-25 03:23 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbccgp.sys
- 2010-12-31 18:45 . 2011-05-05 00:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-31 18:45 . 2011-05-11 22:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-31 18:45 . 2011-05-05 00:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-31 18:45 . 2011-05-11 22:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-05 00:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-11 22:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-31 19:27 . 2011-05-08 16:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-31 19:27 . 2011-05-12 02:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-05-05 23:00 79576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-05-11 23:57 79576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-31 19:27 . 2011-05-08 16:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-31 19:27 . 2011-05-12 02:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-31 19:27 . 2011-05-08 16:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-31 19:27 . 2011-05-12 02:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-31 19:27 . 2011-05-09 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-31 19:27 . 2011-05-12 02:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-31 19:27 . 2011-05-12 02:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-31 19:27 . 2011-05-09 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-31 20:49 . 2011-04-14 01:40 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-31 19:28 . 2011-05-12 02:23 8256 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3804309867-560724695-4076208313-1000_UserData.bin
+ 2011-05-11 01:25 . 2011-03-25 03:22 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbd.sys
- 2011-05-08 16:03 . 2011-05-08 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-12 02:21 . 2011-05-12 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-12 02:21 . 2011-05-12 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-08 16:03 . 2011-05-08 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-04 08:31 . 2011-05-11 00:52 287154 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:30 . 2011-05-11 22:34 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:54 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:54 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-05-11 22:34 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-11 01:25 . 2011-03-25 03:23 324608 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbport.sys
+ 2011-05-11 01:25 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbhub.sys
+ 2011-05-11 01:25 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbhub.sys
- 2009-07-14 05:31 . 2011-04-28 02:54 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-05-11 22:34 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:01 . 2011-05-12 02:20 426564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-05-08 01:18 426564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-12-31 20:49 . 2011-04-14 01:40 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-12-31 20:49 . 2011-05-11 01:37 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-14 04:45 . 2011-05-04 22:48 3839529 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-05-11 22:38 3839529 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-31 19:49 . 2011-05-12 02:20 1621832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\ab4212.msp
+ 2010-12-31 20:49 . 2011-05-11 01:37 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-12-31 20:49 . 2011-04-14 01:40 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-14 02:34 . 2011-05-08 18:45 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-11 23:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-01 18:34 . 2011-05-11 01:37 44548040 c:\windows\system32\MRT.exe
+ 2011-01-01 18:00 . 2011-05-12 02:20 18297676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3804309867-560724695-4076208313-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-02-28 427008]
"SansaDispatch"="c:\users\Choo Yeung\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-09 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 2157056]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-31 30192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-31 30192]
R3 Normandy;Normandy SR2; [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-06-05 315392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000Core.job
- c:\users\Choo Yeung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 16:36]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804309867-560724695-4076208313-1000UA.job
- c:\users\Choo Yeung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 16:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Choo Yeung\AppData\Roaming\Mozilla\Firefox\Profiles\dbyxpcx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3804309867-560724695-4076208313-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,18,16,64,c2,04,2f,cf,73,4b,e0,84,e0,4d,4d,c0,a2,05,42,20,30,
b7,ee,c8,41,0d,46,42,07,77,e6,81,f8,c0,50,11,98,7f,d4,42,d0,f9,8e,29,21,e0,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Completion time: 2011-05-11 22:26:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 02:26
ComboFix2.txt 2011-05-09 00:17
.
Pre-Run: 131,419,611,136 bytes free
Post-Run: 131,163,254,784 bytes free
.
- - End Of File - - CED4688EF3FCCAA06135DB939DBF3837
Upload was successful

#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 12 May 2011 - 12:23 PM

Hi again Choo Yeung!!.. :)

Looks good!.. The problem with Google redirects should be gone now, could you confirm??..
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 Choo Yeung

Choo Yeung
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 12 May 2011 - 08:15 PM

Hi Snemelk!

After I ran Combofix the first time, everything was fine...

I uninstalled the ASK toolbar like you suggested, and after the second Combofix, everything is great!!!

Thank you so much for all your help!!

#11 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 13 May 2011 - 03:01 PM

Hi again Choo Yeung!!.. :)

I uninstalled the ASK toolbar like you suggested, and after the second Combofix, everything is great!!!

I'm glad to see everything's running smoothly now!!.. :thumbup2:

So, some final steps to perform and you're good to go:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If an UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Thirdly,
- Service Pack 1 for Windows 7 and Internet Explorer 9:
The latest Service pack for Windows 7 is out (see here: KB976932)! I recommend you install it. It should be available via Windows Update...

The newest version of Internet Explorer 9 should also be available via Windows Update (as an optional install) - I recommend you upgrade to the version #9...


Please check my site - snemelk.hekko.pl:

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#12 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:06:29 AM

Posted 23 May 2011 - 06:06 AM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users