Windows 7 on my Asus won't boot (in normal mode)


  • This topic is locked
16 replies to this topic

#1 lasjak

lasjak

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 15 July 2011 - 12:31 PM

Hi, I have a problem with booting the Win7 system on my Asus after a virus infection. I tried some things, but don't know what to do next. I really hope someone here will be able to help me out.

The problem is a result of me opening an exe file with a virus (of course I wasn't aware it was a virus). After I clicked it, MSE installed on my computer found some Trojan in that file, but it was too late for any action, because within 1s my computer did an automatic reboot.

Since then, every time I try to start my computer I get the Windows Error Recovery screen, and no matter what I select (even from the advanced menu) it goes to Startup Repair (which doesn't find any solutions). Selecting other Recovery Options doesn't help, because all of my system restore points are gone and I don't have DVDs that would allow me to go back to the factory state (not that I would like to do that anyway...). The system starts from partition X, which is something like 70MB. I tried to launch MSE from cmd, but it doesn't work (even after changing all environment variables so that they would point to drive C again).
I scanned the computer with a bootable BitDefender CD, which found nothing, and with Kaspersky Rescue Disk, but that also didn't help.

Any ideas what I should try next? Thanks!


 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:43 AM

Posted 15 July 2011 - 02:08 PM

Hi lasjak,

Welcome to Bleeping Computer. I will assist you with your problem.

I am also moving this topic to the appropriate forum.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 lasjak

lasjak
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 15 July 2011 - 03:36 PM

Hello farbar, thanks for your quick reply. Here is my log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.2
Ran by SYSTEM at 2011-07-15 20:17:28
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder [1732608 2009-11-26] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-08-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-08-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-08-05] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16336488 2009-08-28] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [273544 2011-05-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\lasjak\...\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe [9030656 2011-06-14] (Creative Team S.A.)
HKU\lasjak\...\Run: [Google Update] "C:\Users\lasjak\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-07-10] (Google Inc.)
HKU\lasjak\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\lasjak\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15141768 2011-06-15] (Skype Technologies S.A.)
HKU\lasjak\...\Run: [Dguzeb] rundll32.exe "C:\Users\lasjak\AppData\Local\wdlsan.dll",Startup [110592 2010-11-20] (Progressive Networks)
HKU\lasjak\...\Run: [MSWUpdate] "C:\Users\lasjak\AppData\Roaming\spoolsv.exe" [172033 2011-07-12] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.67.142.1 212.67.142.2

==================== Services (Whitelisted) ======

2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [64952 2011-06-06] (Adobe Systems Incorporated)
3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [183560 2011-02-28] (Microsoft Corporation.)
2 bgsvcgen; "C:\Windows\SysWOW64\bgsvcgen.exe" [145504 2007-06-15] (B.H.A Corporation)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [864032 2009-07-01] (Broadcom Corporation.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2011-02-20] (Acresso Software Inc.)
3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [1493352 2010-09-22] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2010-11-11] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [282616 2010-11-11] (Microsoft Corporation)
2 nvsvc; C:\Windows\system32\nvvsvc.exe [382568 2009-08-28] (NVIDIA Corporation)
2 OberonGameConsoleService; "C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe" [44312 2009-09-14] ()
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-02-25] (Microsoft Corporation)
3 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [57184 2010-09-22] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [44032 2009-08-20] (Alcor Micro, Corp.)
2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1542656 2009-10-04] (Atheros Communications, Inc.)
3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [41984 2009-07-13] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552448 2010-11-20] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2010-11-20] (Microsoft Corporation)
3 btusbflt; C:\Windows\System32\drivers\btusbflt.sys [54824 2010-04-13] (Broadcom Corporation.)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [98344 2009-06-30] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [132648 2009-06-30] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [35104 2009-04-06] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21160 2009-06-30] (Broadcom Corporation.)
3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [51600 2010-07-01] (Microsoft Corporation)
3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [117760 2009-10-15] (ELAN Microelectronic Corp.)
2 ghaio; \??\C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2011-07-10] ()
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2015520 2009-10-13] (Realtek Semiconductor Corp.)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [62464 2009-09-03] (Atheros Communications, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [15928 2009-05-12] (ASUS)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8956 2011-02-13] ()
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [23952 2010-07-21] (Microsoft Corporation)
3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [81440 2009-04-30] (NVIDIA Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11577192 2009-08-27] (NVIDIA Corporation)
3 Point64; C:\Windows\System32\DRIVERS\point64.sys [45456 2010-07-21] (Microsoft Corporation)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation)
3 SiSGbeLH; C:\Windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Silicon Integrated Systems Corp.)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-18] (Duplex Secure Ltd.)
1 truecrypt; C:\Windows\System32\drivers\truecrypt.sys [230352 2011-04-29] (TrueCrypt Foundation)
1 VBoxDrv; C:\Windows\System32\DRIVERS\VBoxDrv.sys [202960 2010-08-05] (Oracle Corporation)
3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [144720 2010-08-05] (Oracle Corporation)
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [164240 2010-08-05] (Oracle Corporation)
1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [53968 2010-08-05] (Oracle Corporation)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [26248 2009-09-11] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [41096 2009-09-11] (Logitech Inc.)
3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [36872 2009-09-11] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15880 2009-09-11] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [76552 2009-09-11] (Logitech Inc.)
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-07-15 20:16 - 2011-07-15 20:17 - 0000000 ____D C:\FRST
2011-07-14 11:09 - 2011-07-15 03:31 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2011-07-14 08:24 - 2011-07-14 08:25 - 0000000 ____D C:\bd_logs
2011-07-13 00:26 - 2011-01-12 08:27 - 0000434 ____A C:\autorun.inf
2011-07-12 13:23 - 2011-07-12 13:23 - 0172033 __RSH C:\Users\lasjak\AppData\Roaming\spoolsv.exe
2011-06-28 22:22 - 2011-05-24 03:42 - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-06-28 22:22 - 2011-05-24 02:40 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-06-28 22:22 - 2011-05-24 02:40 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-06-28 22:22 - 2011-05-24 02:39 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-06-28 22:22 - 2011-05-24 02:37 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-06-28 22:22 - 2011-05-03 21:25 - 2315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2011-06-28 22:22 - 2011-05-03 21:22 - 2223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2011-06-28 22:22 - 2011-05-03 21:22 - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2011-06-28 22:22 - 2011-05-03 21:22 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2011-06-28 22:22 - 2011-05-03 21:22 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2011-06-28 22:22 - 2011-05-03 21:22 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2011-06-28 22:22 - 2011-05-03 21:19 - 0591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2011-06-28 22:22 - 2011-05-03 21:19 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2011-06-28 22:22 - 2011-05-03 21:19 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2011-06-28 22:22 - 2011-05-03 20:34 - 1549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2011-06-28 22:22 - 2011-05-03 20:32 - 1401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2011-06-28 22:22 - 2011-05-03 20:32 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2011-06-28 22:22 - 2011-05-03 20:32 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2011-06-28 22:22 - 2011-05-03 20:32 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2011-06-28 22:22 - 2011-05-03 20:32 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2011-06-28 22:22 - 2011-05-03 20:28 - 0427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2011-06-28 22:22 - 2011-05-03 20:28 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-06-28 22:22 - 2011-05-03 20:28 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2011-06-16 22:57 - 2011-06-16 22:57 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-06-15 08:41 - 2011-04-22 17:29 - 2303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-06-15 08:41 - 2011-04-22 17:20 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-06-15 08:41 - 2011-04-22 17:19 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-06-15 08:41 - 2011-04-22 17:19 - 2136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-15 08:41 - 2011-04-22 17:19 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-15 08:41 - 2011-04-22 17:17 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-15 08:41 - 2011-04-22 15:35 - 1797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-06-15 08:41 - 2011-04-22 15:26 - 1785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-15 08:41 - 2011-04-22 15:26 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-06-15 08:41 - 2011-04-22 15:26 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-15 08:41 - 2011-04-22 15:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-06-15 08:41 - 2011-04-22 15:24 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-15 08:40 - 2011-04-22 17:37 - 17773568 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-06-15 08:40 - 2011-04-22 17:27 - 10885632 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-15 08:40 - 2011-04-22 17:23 - 1344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-15 08:40 - 2011-04-22 15:36 - 12269056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-06-15 08:40 - 2011-04-22 15:32 - 9703936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-15 08:40 - 2011-04-22 15:30 - 1102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

============ 3 Months Modified Files and Folders =============

2011-07-15 20:17 - 2011-07-15 20:16 - 0000000 ____D C:\FRST
2011-07-15 03:31 - 2011-07-14 11:09 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2011-07-14 08:25 - 2011-07-14 08:24 - 0000000 ____D C:\bd_logs
2011-07-12 23:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-07-12 13:23 - 2011-07-12 13:23 - 0172033 __RSH C:\Users\lasjak\AppData\Roaming\spoolsv.exe
2011-07-12 13:23 - 2010-07-01 08:04 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\BitTorrent
2011-07-12 12:46 - 2010-07-10 14:15 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-569262600-3408741810-436485839-1000UA.job
2011-07-12 12:12 - 2010-06-20 01:33 - 0000000 ____D C:\Users\lasjak\.VirtualBox
2011-07-12 11:34 - 2010-02-20 11:53 - 1736305 ____A C:\Windows\WindowsUpdate.log
2011-07-12 11:23 - 2010-06-25 20:28 - 0000000 ___RD C:\data
2011-07-12 08:09 - 2009-07-13 21:13 - 0729688 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-12 08:09 - 2009-07-13 18:36 - 0626278 ____A C:\Windows\System32\perfh009.dat
2011-07-12 08:09 - 2009-07-13 18:36 - 0107522 ____A C:\Windows\System32\perfc009.dat
2011-07-12 07:56 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-07-12 07:56 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-07-12 07:53 - 2010-06-22 22:13 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\Skype
2011-07-12 07:49 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-07-12 07:49 - 2009-07-13 20:51 - 0101764 ____A C:\Windows\setupact.log
2011-07-12 07:48 - 2010-06-17 10:07 - 3193716736 __ASH C:\hiberfil.sys
2011-07-12 04:27 - 2011-05-21 19:26 - 8487669 ___AH C:\Users\lasjak\AppData\Local\IconCache.db
2011-07-11 04:00 - 2010-06-22 22:12 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-07-11 04:00 - 2010-06-22 22:12 - 0000000 ____D C:\Users\All Users\Skype
2011-07-11 04:00 - 2010-06-22 22:12 - 0000000 ____D C:\ProgramData\Skype
2011-07-11 03:58 - 2011-05-27 22:52 - 0000000 ____D C:\Users\All Users\Easybits GO
2011-07-11 03:58 - 2011-05-27 22:52 - 0000000 ____D C:\ProgramData\Easybits GO
2011-07-10 23:26 - 2010-02-20 12:48 - 0001247 ____A C:\Windows\System32\ServiceFilter.ini
2011-07-10 23:24 - 2011-05-27 22:52 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\go
2011-07-10 15:27 - 2010-06-17 18:49 - 0000000 ____D C:\Users\All Users\ASUS
2011-07-10 15:27 - 2010-06-17 18:49 - 0000000 ____D C:\ProgramData\ASUS
2011-07-10 15:27 - 2010-02-20 12:29 - 0000000 ____D C:\Program Files (x86)\ASUS
2011-07-10 15:27 - 2010-02-20 12:25 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-07-10 15:24 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-07-10 15:15 - 2010-06-17 22:12 - 0007598 ____A C:\Users\lasjak\AppData\Local\Resmon.ResmonCfg
2011-07-07 21:46 - 2010-07-10 14:15 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-569262600-3408741810-436485839-1000Core.job
2011-07-07 21:12 - 2011-05-27 05:43 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-07-07 21:12 - 2011-05-27 05:43 - 0000000 ____D C:\ProgramData\Skype Extras
2011-07-07 06:57 - 2010-08-20 13:48 - 0000000 ____D C:\eclipse_php
2011-07-04 10:14 - 2011-05-05 05:15 - 0000000 ____D C:\Users\lasjak\Documents\My Kindle Content
2011-07-03 10:55 - 2010-02-20 12:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-06-29 22:17 - 2009-07-13 20:45 - 0487632 ____A C:\Windows\System32\FNTCACHE.DAT
2011-06-26 15:37 - 2010-06-18 15:06 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-06-26 09:39 - 2011-06-01 23:15 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-06-17 22:59 - 2010-02-20 12:41 - 0047278 ____A C:\Windows\PFRO.log
2011-06-16 22:57 - 2011-06-16 22:57 - 0002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-06-16 22:57 - 2010-02-20 12:27 - 0000000 ____D C:\Users\All Users\Adobe
2011-06-16 22:57 - 2010-02-20 12:27 - 0000000 ____D C:\ProgramData\Adobe
2011-06-16 22:57 - 2010-02-20 12:27 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-06-15 11:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-06-15 08:44 - 2010-06-18 14:28 - 49454024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-06-15 08:44 - 2010-02-20 12:04 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-06-15 08:44 - 2010-02-20 12:04 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-06-15 08:40 - 2010-06-17 18:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-14 00:48 - 2011-02-20 10:20 - 0000000 ____D C:\Users\All Users\Rosetta Stone
2011-06-14 00:48 - 2011-02-20 10:20 - 0000000 ____D C:\ProgramData\Rosetta Stone
2011-06-03 05:44 - 2010-09-21 15:51 - 0000000 ____D C:\Users\lasjak\AppData\Local\Eclipse
2011-06-03 05:43 - 2010-09-21 15:36 - 0000000 ____D C:\eclipse
2011-05-27 22:33 - 2010-06-22 22:14 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\skypePM
2011-05-27 19:06 - 2011-06-14 22:55 - 3135488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-27 01:17 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-05-25 05:43 - 2011-02-12 06:32 - 0000000 ____D C:\tmp
2011-05-24 03:42 - 2011-06-28 22:22 - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-24 02:40 - 2011-06-28 22:22 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-05-24 02:40 - 2011-06-28 22:22 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-05-24 02:39 - 2011-06-28 22:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-05-24 02:37 - 2011-06-28 22:22 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-05-22 01:15 - 2009-07-13 21:08 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-05-21 17:45 - 2011-05-21 17:45 - 0001950 ____A C:\Users\Public\Desktop\Free Offers.lnk
2011-05-21 17:45 - 2011-05-21 17:45 - 0001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-05-21 17:45 - 2010-07-25 02:49 - 0000000 ____D C:\Program Files (x86)\Real
2011-05-21 17:44 - 2010-11-18 00:41 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-05-21 17:44 - 2010-11-18 00:41 - 0198848 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-05-21 17:44 - 2010-11-18 00:41 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-05-21 17:44 - 2010-11-18 00:41 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-05-21 17:44 - 2010-07-25 02:49 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2011-05-21 17:44 - 2010-07-25 02:49 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2011-05-18 06:42 - 2010-06-25 17:53 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\EurekaLog
2011-05-16 23:56 - 2011-05-16 23:55 - 0000613 ____A C:\Users\lasjak\Desktop\Need For Speed - Porsche 2000.lnk
2011-05-16 12:53 - 2010-07-16 00:21 - 0000000 ____D C:\Program Files (x86)\Winamp
2011-05-16 12:52 - 2010-12-16 23:58 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
2011-05-15 13:45 - 2011-05-05 13:28 - 0000000 ____D C:\Users\lasjak\AppData\Local\GOGDownloader
2011-05-14 12:38 - 2011-05-14 12:38 - 0000000 ____D C:\Users\lasjak\Documents\PiBoSo
2011-05-14 12:37 - 2011-05-14 12:37 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2011-05-14 12:37 - 2011-05-14 12:37 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2011-05-14 12:37 - 2011-05-14 12:37 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2011-05-14 12:37 - 2011-05-14 12:37 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2011-05-14 12:37 - 2011-05-14 12:37 - 0000000 ____D C:\Program Files (x86)\OpenAL
2011-05-12 13:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-05-11 04:14 - 2011-05-11 04:13 - 0000388 ____A C:\Windows\AIM_RACE_STUDIO.INI
2011-05-11 04:12 - 2011-05-11 04:12 - 0001010 ____A C:\Users\Public\Desktop\AIM USB-DRIVER 2008.lnk
2011-05-11 04:12 - 2011-05-11 04:12 - 0000772 ____A C:\Users\Public\Desktop\Race Studio Analysis.lnk
2011-05-11 04:12 - 2011-05-11 04:12 - 0000772 ____A C:\Users\Public\Desktop\Race Studio 2.lnk
2011-05-05 13:28 - 2011-05-05 13:28 - 0000000 ____D C:\Users\lasjak\Documents\GOG.com Downloads
2011-05-05 05:15 - 2011-05-05 05:15 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\Amazon
2011-05-05 05:14 - 2011-05-05 05:14 - 0002302 ____A C:\Users\lasjak\Desktop\Kindle.lnk
2011-05-05 05:14 - 2011-05-05 05:14 - 0000000 ____D C:\Users\lasjak\AppData\Local\Amazon
2011-05-04 09:17 - 2010-09-24 10:06 - 0000000 ____D C:\Users\lasjak\AppData\Local\Kunos_Simulazioni
2011-05-04 09:16 - 2010-09-24 09:43 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-05-03 21:25 - 2011-06-28 22:22 - 2315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2011-05-03 21:22 - 2011-06-28 22:22 - 2223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2011-05-03 21:22 - 2011-06-28 22:22 - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2011-05-03 21:22 - 2011-06-28 22:22 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2011-05-03 21:22 - 2011-06-28 22:22 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2011-05-03 21:22 - 2011-06-28 22:22 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2011-05-03 21:19 - 2011-06-28 22:22 - 0591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2011-05-03 21:19 - 2011-06-28 22:22 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2011-05-03 21:19 - 2011-06-28 22:22 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2011-05-03 20:34 - 2011-06-28 22:22 - 1549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2011-05-03 20:32 - 2011-06-28 22:22 - 1401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2011-05-03 20:32 - 2011-06-28 22:22 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2011-05-03 20:32 - 2011-06-28 22:22 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2011-05-03 20:32 - 2011-06-28 22:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2011-05-03 20:32 - 2011-06-28 22:22 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2011-05-03 20:28 - 2011-06-28 22:22 - 0427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2011-05-03 20:28 - 2011-06-28 22:22 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-05-03 20:28 - 2011-06-28 22:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2011-05-03 05:44 - 2011-05-03 05:39 - 0000000 ____D C:\Windows\rescache
2011-05-02 21:29 - 2011-06-14 22:55 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-05-02 20:30 - 2011-06-14 22:55 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-04-29 22:11 - 2010-06-27 13:45 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\TrueCrypt
2011-04-29 14:01 - 2011-04-29 14:01 - 0230352 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
2011-04-28 23:54 - 2011-04-28 23:54 - 0000000 ____D C:\Program Files (x86)\Western Digital Corporation
2011-04-28 19:06 - 2011-06-14 22:55 - 0467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-04-28 19:05 - 2011-06-14 22:55 - 0410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-04-28 19:05 - 2011-06-14 22:55 - 0168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-04-28 12:23 - 2010-07-01 08:04 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2011-04-26 18:40 - 2011-06-14 22:55 - 0158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-04-26 18:39 - 2011-06-14 22:55 - 0289280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-04-26 18:39 - 2011-06-14 22:55 - 0128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-04-24 21:33 - 2011-06-14 22:55 - 1923968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-04-24 18:34 - 2011-06-14 22:55 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-04-22 17:37 - 2011-06-15 08:40 - 17773568 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-04-22 17:29 - 2011-06-15 08:41 - 2303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-04-22 17:27 - 2011-06-15 08:40 - 10885632 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-04-22 17:23 - 2011-06-15 08:40 - 1344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-04-22 17:20 - 2011-06-15 08:41 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-04-22 17:19 - 2011-06-15 08:41 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-04-22 17:19 - 2011-06-15 08:41 - 2136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-04-22 17:19 - 2011-06-15 08:41 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-04-22 17:17 - 2011-06-15 08:41 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-04-22 15:36 - 2011-06-15 08:40 - 12269056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-04-22 15:35 - 2011-06-15 08:41 - 1797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-04-22 15:32 - 2011-06-15 08:40 - 9703936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-04-22 15:30 - 2011-06-15 08:40 - 1102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-04-22 15:26 - 2011-06-15 08:41 - 1785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-04-22 15:26 - 2011-06-15 08:41 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-04-22 15:26 - 2011-06-15 08:41 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-04-22 15:25 - 2011-06-15 08:41 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-04-22 15:24 - 2011-06-15 08:41 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-04-22 14:15 - 2011-05-24 21:53 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-19 22:13 - 2010-06-17 18:09 - 0132136 ____A C:\Users\lasjak\AppData\Local\GDIPFONTCACHEV1.DAT
2011-04-19 04:03 - 2011-04-19 04:03 - 0000000 ____D C:\Program Files\Microsoft IntelliType Pro
2011-04-19 03:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-04-19 03:53 - 2011-04-19 03:53 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-04-19 03:53 - 2011-04-19 03:53 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-04-19 03:53 - 2011-04-19 03:53 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-04-19 03:53 - 2011-04-19 03:53 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-04-19 03:53 - 2011-04-19 03:53 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-04-19 03:53 - 2011-04-19 03:53 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-04-19 03:53 - 2011-04-19 03:53 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0236544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-04-19 03:53 - 2011-04-19 03:53 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-04-19 03:53 - 2011-04-19 03:53 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-04-19 03:53 - 2011-04-19 03:53 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-04-19 03:53 - 2011-04-19 03:53 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-04-19 03:53 - 2011-04-19 03:53 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-04-19 03:53 - 2011-04-19 03:53 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-04-19 03:53 - 2011-04-18 21:28 - 0005969 ____A C:\Windows\IE9_main.log
2011-04-15 14:11 - 2010-10-27 01:31 - 0000000 ____D C:\Users\lasjak\AppData\Local\Windows Live
2011-04-15 11:44 - 2011-04-15 11:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2011-04-15 11:44 - 2011-04-15 11:44 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2011-04-15 11:42 - 2011-04-15 11:42 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2011-04-15 11:42 - 2011-04-15 11:42 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4061.02 MB
Available physical RAM: 3488.31 MB
Total Pagefile: 4059.17 MB
Available Pagefile: 3483.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:2.09 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:17.08 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.26 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-07-04 04:13

======================= End Of Log ==========================

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:43 AM

Posted 15 July 2011 - 04:00 PM

Among others your computer is infected with TrojanSpy:Win32/Bancos.

TrojanSpy:Win32/Bancos. This is a data-stealing trojan that captures online banking credentials, such as account login names and passwords, then relays the captured information to a remote attacker.


Source: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3aWin32%2fBancos.TA

So please take necessary action to protect yourself if you do online banking with this computer.

*************

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to enormous dimensions, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

******

Your system is set to go through a server in Poland. If you are not living in Poland it could be the work of the malware hijacking internet traffic. Please let me know if you are not living in Poland.

In the next round, after your feedback, we will start with the fix.

#5 lasjak


Posted 15 July 2011 - 04:15 PM

Oh wow, thanks. I do live in Poland, so that's ok.

#6 Farbar


Posted 15 July 2011 - 04:20 PM

It is okay then. :)

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

HKU\lasjak\...\Run: [MSWUpdate] "C:\Users\lasjak\AppData\Roaming\spoolsv.exe" [172033 2011-07-12] ()
2011-07-12 13:23 - 2011-07-12 13:23 - 0172033 __RSH C:\Users\lasjak\AppData\Roaming\spoolsv.exe
cmd: bootrec /FixMbr
Control:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart the computer and let it boot normally and tell me how it went.
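
The two fixlist entries above share a pattern that can be checked for in any FRST log: a Windows system binary name (spoolsv.exe) sitting in a user profile folder, with an empty company field and Hidden+System attributes. The Python below is an added example, not part of the original posts or of FRST itself; the regular expressions, the name list and the function names are assumptions derived only from the line formats visible in this thread.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Assumption: a short, non-exhaustive list of Windows binaries that normally
# exist only in the system directories.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "winlogon.exe", "wininit.exe", "explorer.exe"}
# Directories (drive letter stripped) where those names are expected.
SYSTEM_DIRS = {"\\windows", "\\windows\\system32", "\\windows\\syswow64"}

# FRST autorun line:  HKU\user\...\Run: [Value] "path" [size date] (company)
RUN_RE = re.compile(
    r'^(?P<hive>HK\w+)\\.*?\\(?P<key>Run(?:Once)?): \[(?P<value>[^\]]+)\] '
    r'"?(?P<path>[A-Za-z]:\\[^"\[]+?)"? \[\d+ [\d-]+\] \((?P<company>[^)]*)\)$'
)
# FRST file line:  created - modified - size ATTRS (company)? path
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ '
    r'(?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$'
)


def assess(path, company, attrs=""):
    """Return the list of reasons a single entry looks suspicious."""
    reasons = []
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    in_profile = folder[1:].startswith(":\\users\\")
    if name in SYSTEM_NAMES and folder[2:] not in SYSTEM_DIRS:
        reasons.append("system binary name outside the system directories")
    if in_profile and name.endswith(".exe") and not company:
        reasons.append("executable in user profile with no company name")
    if in_profile and "H" in attrs and "S" in attrs:
        reasons.append("Hidden+System attributes inside a user profile")
    return reasons


def scan(lines):
    """Parse FRST-style lines and return (kind, path, reasons) for flagged ones."""
    findings = []
    for raw in lines:
        line = raw.strip()
        kind, m = "autorun", RUN_RE.match(line)
        if not m:
            kind, m = "file", FILE_RE.match(line)
        if not m:
            continue  # not a line format this example understands
        attrs = m.groupdict().get("attrs") or ""
        reasons = assess(m.group("path"), m.group("company"), attrs)
        if reasons:
            findings.append((kind, m.group("path"), reasons))
    return findings


# Sample input: lines copied from the logs and fixlist quoted in this thread.
SAMPLE = [
    r'HKU\lasjak\...\Run: [MSWUpdate] "C:\Users\lasjak\AppData\Roaming\spoolsv.exe" [172033 2011-07-12] ()',
    r'2011-07-12 13:23 - 2011-07-12 13:23 - 0172033 __RSH C:\Users\lasjak\AppData\Roaming\spoolsv.exe',
    r'2011-04-19 03:53 - 2011-04-19 03:53 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe',
    r'2011-04-19 22:13 - 2010-06-17 18:09 - 0132136 ____A C:\Users\lasjak\AppData\Local\GDIPFONTCACHEV1.DAT',
    r'2011-04-29 22:11 - 2010-06-27 13:45 - 0000000 ____D C:\Users\lasjak\AppData\Roaming\TrueCrypt',
]

if __name__ == "__main__":
    for kind, path, reasons in scan(SAMPLE):
        print(f"[{kind}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

The company field is the version-information string reported by the tool, not a signature check, so a hit here is a reason to look closer rather than a verdict.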

#7 lasjak


Posted 15 July 2011 - 04:46 PM

Windows did boot normally and seems to be working fine, thanks :). Only Asus Express Gate (quick computer boot, but not standard) installation is still corrupted, but I expected it and I can live with that. Is there anything else I should do/remove to clean my computer?

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.1.2)
Ran by SYSTEM at 2011-07-15 21:25:13 R:1
Running from E:\

==============================================

HKEY_USERS\lasjak\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate Value deleted successfully.
C:\Users\lasjak\AppData\Roaming\spoolsv.exe moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

The operation completed successfully.

Edited by lasjak, 15 July 2011 - 04:47 PM.


#8 Farbar


Posted 15 July 2011 - 04:52 PM

Great. :thumbup2:


Yes we need to make sure the computer is clean.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#9 lasjak


Posted 15 July 2011 - 05:20 PM

Result of my scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7153

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/15/2011 10:07:36 PM
mbam-log-2011-07-15 (22-07-36).txt

Scan type: Quick scan
Objects scanned: 171654
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Micronsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\lasjak\AppData\Local\Temp\warshb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\lasjak\local settings\temporary internet files\Content.IE5\SE9MW5SM\warshb[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

#10 Farbar


Posted 15 July 2011 - 05:28 PM

Now I would like to have two more logs and an online scan. But it is too late here and I'll see the logs tomorrow.

  • Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
This small application you may want to keep and use to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats and the option Scan archives are checked.
  • Now click on Advanced Settings and select the following:
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#11 lasjak


Posted 16 July 2011 - 01:28 AM

Content of OTL.txt:

OTL logfile created on: 7/15/2011 10:33:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 49.96% Memory free
7.93 Gb Paging File | 5.54 Gb Available in Paging File | 69.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 2.10 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 16.83 Gb Free Space | 5.03% Space Free | Partition Type: NTFS

Computer Name: LASJAK-PC | User Name: lasjak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 22:30:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/27 01:37:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/22 03:44:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/01 18:27:54 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/20 22:48:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/09 20:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/09/25 19:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/20 06:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/07/02 04:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 22:30:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/21 05:52:36 | 009,631,232 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 04:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 20:28:33 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/20 20:20:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/01 18:27:54 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/30 00:01:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/18 12:17:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/05 14:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/07/21 17:14:24 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/11 21:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 21:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 21:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009/09/11 21:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 21:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/09/04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/28 22:05:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 10:52:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/30 15:43:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011/07/11 01:26:34 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-569262600-3408741810-436485839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-569262600-3408741810-436485839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKU\S-1-5-21-569262600-3408741810-436485839-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-569262600-3408741810-436485839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: player@vividas.com:4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lasjak\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lasjak\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 03:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/27 01:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 08:57:54 | 000,000,000 | ---D | M]

[2010/06/19 01:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lasjak\AppData\Roaming\Mozilla\Extensions
[2011/06/23 09:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lasjak\AppData\Roaming\Mozilla\Firefox\Profiles\e20tad8q.default\extensions
[2011/03/19 21:45:02 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\lasjak\AppData\Roaming\Mozilla\Firefox\Profiles\e20tad8q.default\extensions\player@vividas.com
[2010/12/01 22:08:30 | 000,000,000 | ---D | M] (vShare) -- C:\Users\lasjak\AppData\Roaming\Mozilla\Firefox\Profiles\e20tad8q.default\extensions\vshare@toolbar
[2011/05/27 15:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/11 14:00:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/08 20:26:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2010/06/19 01:09:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 12:15:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/24 12:10:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\LASJAK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20TAD8Q.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/06/27 01:37:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/21 12:26:44 | 000,197,224 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npVividasPlayer.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/03/22 20:15:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-569262600-3408741810-436485839-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-569262600-3408741810-436485839-1000..\Run: [AQQ] C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-569262600-3408741810-436485839-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-569262600-3408741810-436485839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.233.233.233 87.204.204.204
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/12 18:27:18 | 000,000,434 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 06:16:54 | 000,000,000 | ---D | C] -- C:\FRST
[2011/07/15 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\lasjak\AppData\Roaming\Malwarebytes
[2011/07/15 21:59:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/15 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/15 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/15 21:59:01 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/15 21:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/14 21:09:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/07/14 18:24:47 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011/07/11 14:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/29 08:22:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 08:22:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 08:22:41 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 08:22:41 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 08:22:40 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 08:22:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 08:22:39 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 08:22:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 08:22:38 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 08:22:38 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 08:22:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 08:22:38 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 08:22:37 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 08:22:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 08:22:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 08:22:36 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/03/04 18:13:03 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/15 22:19:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 22:19:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 22:17:54 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/15 22:17:54 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/15 22:17:54 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/15 22:15:41 | 000,001,269 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/07/15 22:15:40 | 000,002,104 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/15 22:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/15 22:12:12 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 21:59:06 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 21:48:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-569262600-3408741810-436485839-1000UA.job
[2011/07/15 21:28:09 | 000,487,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 01:15:22 | 000,007,598 | ---- | M] () -- C:\Users\lasjak\AppData\Local\Resmon.ResmonCfg
[2011/07/08 07:46:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-569262600-3408741810-436485839-1000Core.job
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/27 01:37:33 | 000,002,050 | ---- | M] () -- C:\Users\lasjak\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/26 19:39:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 08:57:55 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 21:59:06 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 10:26:38 | 000,000,434 | ---- | C] () -- C:\autorun.inf
[2011/06/17 08:57:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 08:57:55 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/11 14:13:25 | 000,000,388 | ---- | C] () -- C:\Windows\AIM_RACE_STUDIO.INI
[2011/05/11 14:12:41 | 000,000,023 | ---- | C] () -- C:\Windows\AIM_LANGUAGE.INI
[2011/05/11 14:12:39 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2011/03/04 18:13:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/04 18:13:02 | 002,600,448 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/03/04 18:13:01 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/04 18:13:01 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/04 18:13:00 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/26 09:41:23 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/01 18:28:13 | 000,235,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/01 18:27:54 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/01 18:27:54 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/25 12:41:41 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/03 10:15:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/07/03 10:15:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/07/03 10:15:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/07/03 10:15:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/07/03 10:15:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/07/03 10:15:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/07/03 10:15:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/07/03 10:15:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/07/03 10:15:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/07/03 10:15:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/07/03 10:15:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/07/03 10:15:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/07/03 10:15:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/07/03 10:15:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/07/03 10:15:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/07/03 10:15:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/07/03 10:15:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/07/03 10:15:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/07/03 10:15:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/06/30 20:22:28 | 000,000,600 | ---- | C] () -- C:\Users\lasjak\AppData\Local\PUTTY.RND
[2010/06/28 17:27:13 | 000,000,600 | ---- | C] () -- C:\Users\lasjak\AppData\Roaming\winscp.rnd
[2010/06/23 08:14:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 08:12:40 | 000,007,598 | ---- | C] () -- C:\Users\lasjak\AppData\Local\Resmon.ResmonCfg
[2010/06/18 04:52:08 | 000,003,584 | ---- | C] () -- C:\Users\lasjak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 22:48:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/02/20 22:29:46 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/28 22:04:11 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/28 22:04:11 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/28 22:04:11 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/28 22:04:11 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/02 04:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >

Content of Extras.txt:

OTL Extras logfile created on: 7/15/2011 10:33:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 49.96% Memory free
7.93 Gb Paging File | 5.54 Gb Available in Paging File | 69.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 2.10 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 16.83 Gb Free Space | 5.03% Space Free | Partition Type: NTFS

Computer Name: LASJAK-PC | User Name: lasjak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-569262600-3408741810-436485839-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4E2D1823-C889-4CA9-9BB2-08E962A5E735}" = MySQL Server 5.5
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC95E3FF-822B-47CD-9B4D-C89536615461}" = Oracle VM VirtualBox 3.2.8
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"USB 2.0 UVC 0.3M WebCam" = USB 2.0 UVC 0.3M WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39090871-9464-4DFC-900C-18AFA3102770}}_is1" = netKar PRO v1.2 B
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7E688166-B7D0-44A1-A1C8-739D4AD6D3D6}}_is1" = netKar PRO v1.3 Beta1
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09EDA0B-0F8A-4F02-8922-43247E695F0F}" = RACE STUDIO 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AQQ" = WapSter AQQ
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_UL_Series_Screensaver" = ASUS_UL_Series_Screensaver
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chessmaster 9000_is1" = Chessmaster 9000
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CommandosAmmo Pack_is1" = CommandosAmmo Pack
"Edraw Max_is1" = Edraw Max 5.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"ipla" = ipla 2.1.5
"Jagged Alliance_is1" = Jagged Alliance
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MDK_is1" = MDK
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"TrueCrypt" = TrueCrypt
"Veetle TV" = Veetle TV 0.9.18
"Weka 3.6.2" = Weka 3.6.2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-569262600-3408741810-436485839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2011 9:35:55 AM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.112, time stamp:
0x4d4037c2 Faulting module name: Skype.exe, version: 5.1.0.112, time stamp: 0x4d4037c2
Exception
code: 0xc0000005 Fault offset: 0x006c0355 Faulting process id: 0xf50 Faulting application
start time: 0x01cc1c72f4ef3637 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 3eedc062-8866-11e0-824b-0025d3ade64e

Error - 5/27/2011 9:40:37 AM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.112, time stamp:
0x4d4037c2 Faulting module name: Skype.exe, version: 5.1.0.112, time stamp: 0x4d4037c2
Exception
code: 0xc0000005 Fault offset: 0x006c0355 Faulting process id: 0x16a8 Faulting application
start time: 0x01cc1c73a7045564 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: e6e7fc7b-8866-11e0-824b-0025d3ade64e

Error - 5/30/2011 1:06:18 PM | Computer Name = lasjak-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/30/2011 1:06:19 PM | Computer Name = lasjak-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\WapSter\wapster
aqq\System\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\WapSter\wapster
aqq\System\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 6/1/2011 4:47:45 AM | Computer Name = lasjak-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/1/2011 4:47:47 AM | Computer Name = lasjak-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\WapSter\wapster
aqq\System\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\WapSter\wapster
aqq\System\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 6/4/2011 7:21:13 PM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nks.exe, version: 0.0.0.0, time stamp:
0x4d5e40b7 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e39e Faulting process id:
0x2b0 Faulting application start time: 0x01cc230e13d80a2b Faulting application path:
D:\nkpro13\nks.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id:
5635e24b-8f01-11e0-aca2-0025d3ade64e

Error - 6/7/2011 11:53:49 AM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AQQ.exe, version: 2.2.4.70, time stamp:
0x4db66cf0 Faulting module name: AQQ.exe, version: 2.2.4.70, time stamp: 0x4db66cf0
Exception
code: 0xc0000005 Fault offset: 0x00270273 Faulting process id: 0x3bc Faulting application
start time: 0x01cc24dc00fe5e1e Faulting application path: C:\Program Files (x86)\WapSter\WapSter
AQQ\AQQ.exe Faulting module path: C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe
Report
Id: 55372e9b-911e-11e0-8279-0025d3ade64e

Error - 6/7/2011 11:58:32 AM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AQQ.exe, version: 2.2.4.70, time stamp:
0x4db66cf0 Faulting module name: AQQ.exe, version: 2.2.4.70, time stamp: 0x4db66cf0
Exception
code: 0xc0000005 Fault offset: 0x00270273 Faulting process id: 0x514 Faulting application
start time: 0x01cc252b1ba3ae1e Faulting application path: C:\Program Files (x86)\WapSter\WapSter
AQQ\AQQ.exe Faulting module path: C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe
Report
Id: fddbf852-911e-11e0-8279-0025d3ade64e

Error - 6/8/2011 1:50:38 AM | Computer Name = lasjak-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.116, time stamp:
0x4ddea058 Faulting module name: Skype.exe, version: 5.3.0.116, time stamp: 0x4ddea058
Exception
code: 0xc0000005 Fault offset: 0x005ddd98 Faulting process id: 0xd74 Faulting application
start time: 0x01cc259fdfff7f8d Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 3c4ec525-9193-11e0-9c59-0025d3ade64e

[ OSession Events ]
Error - 1/2/2011 7:40:59 AM | Computer Name = lasjak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/20/2011 6:57:17 PM | Computer Name = lasjak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/30/2011 4:15:41 AM | Computer Name = lasjak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/18/2011 11:50:25 AM | Computer Name = lasjak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/12/2011 7:07:44 AM | Computer Name = lasjak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/12/2011 7:47:31 AM | Computer Name = lasjak-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 7/12/2011 7:47:32 AM | Computer Name = lasjak-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 7/12/2011 11:49:42 AM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/12/2011 12:01:33 PM | Computer Name = lasjak-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/15/2011 3:28:12 PM | Computer Name = lasjak-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:23:26 PM on ?7/?12/?2011 was unexpected.

Error - 7/15/2011 3:29:15 PM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/15/2011 3:37:05 PM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/15/2011 4:13:01 PM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/15/2011 4:27:05 PM | Computer Name = lasjak-PC | Source = bowser | ID = 8003
Description =

Error - 7/15/2011 4:30:32 PM | Computer Name = lasjak-PC | Source = BROWSER | ID = 8032
Description =


< End of report >
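The event entries in the report above can be triaged mechanically. This is an added example, not part of the thread or of the OTL tool: it parses entries in that layout and lists the ones that bear on protection state in time order. The sample is constructed from entries shown above, and the watchlist and its labels are assumptions chosen for this log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few entries in the layout of the "[ System Events ]" section above.
SAMPLE = r"""[ System Events ]
Error - 7/12/2011 7:47:31 AM | Computer Name = lasjak-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 7/12/2011 11:49:42 AM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/12/2011 12:01:33 PM | Computer Name = lasjak-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/15/2011 3:28:12 PM | Computer Name = lasjak-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:23:26 PM on ?7/?12/?2011 was unexpected.

Error - 7/15/2011 3:29:15 PM | Computer Name = lasjak-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
"""

HEADER = re.compile(r"^(\w+) - (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Computer Name = .*? "
                    r"\| Source = (.*?) \| ID = (\d+)\s*$")
# Assumed watchlist (chosen for this example): (source, id) pairs worth a second look.
WATCH = {("Microsoft Antimalware", 3002): "real-time protection failed",
         ("volsnap", 393252): "shadow copies aborted", ("EventLog", 6008): "unexpected shutdown"}

def parse(text):
    events, cur, section = [], None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"section": section, "level": m[1], "source": m[3], "id": int(m[4]),
                   "time": datetime.strptime(m[2], "%m/%d/%Y %I:%M:%S %p"), "desc": ""}
            events.append(cur)
        elif line.startswith(("[", "<")):  # section header or end-of-report marker
            section, cur = line.strip("[ ]<>"), None
        elif cur is not None and line.strip():  # wrapped description; blank lines skipped
            cur["desc"] = (cur["desc"] + " " + re.sub(r"^Description = ?", "", line)).strip()
    return events

def triage(events):  # watchlisted events in time order, plus a count per (source, id)
    hits = sorted((e for e in events if (e["source"], e["id"]) in WATCH), key=lambda e: e["time"])
    return hits, Counter((e["source"], e["id"]) for e in hits)
```

Feeding the whole report to `parse()` and printing `WATCH[(e["source"], e["id"])]` for each hit gives a short timeline to read before deciding on further scans.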

#12 lasjak

Posted 16 July 2011 - 01:31 AM

ESET log file:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Plus ESET scan results:
C:\autorun.inf INF/Autorun virus deleted - quarantined
C:\FRST\Quarantine\spoolsv.exe a variant of Win32/Injector.HSZ trojan cleaned by deleting - quarantined
C:\tmp\autorun.inf INF/Autorun virus deleted - quarantined

#13 Farbar

Posted 16 July 2011 - 05:54 AM

ESET found the trojan we moved to the Quarantine folder of FRST tool and the autorun.inf virus.

  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    • Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 26 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
  • Also tell me how the computer is running.


#14 lasjak

Posted 17 July 2011 - 02:52 PM

I've updated my Java and the computer's running ok. A bit slow, but I still have Anti-malware software running along with MSE, so that's something I'd expect. Is there anything else I should do?

#15 Farbar

Posted 17 July 2011 - 02:59 PM

It looks good. :thumbup2:

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • Please run OTL.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove OTL, and will require a reboot.
  • You delete any log from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue", "Close" and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing lasjak.:)



