Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects / Windows Security Center Cannot be Enbaled


  • This topic is locked This topic is locked
11 replies to this topic

#1 Teh Giggles

Teh Giggles

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 27 July 2011 - 07:10 PM

!!!NOTICE!!! I will be on vacation between August 1 and August 7 2011! So please don't delete my post thinking I'm inactive for no reason! Thank you!

Hello there!

1) I got a virus recently which disables (or at least that's what I think it's doing) "Windows Security Center". I've tried re-enabling it by opening up services, scrolling down to "Security Center", and once opened, I select the "automatic" option, click apply and then click start. Unfortunately, seconds later, I get a message saying (at the bottom right corner of the screen from "Windows Action Center") that the Security Center is disabled.

2) I used the Avast! quick scan, the Malwarebytes quick scan, and the AntiSpyware quick scan, and neither one of them detected a virus. However, when I used Spybot, it detects the following:

Microsoft.WindowsSecurityCenter_disabled:

[SBI $2E20C9A9] Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2

[SBI $2E20C9A9] Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2 (64 bit)

I then proceed to click on "Fix selected problems", which, unfortunately, does not work.

3) In addition to disabling the Security Center, it also appears to have hijacked my Internet browser (Firefox 5.0 with NoScript enabled). Sometimes, when I click on a website link, it either redirects me back to the Google home page, or sends me to different video sharing websites. Thankfully it hasn't sent me to any advertising sites, or even explicit sex ones for that matter.

4) I've also tried using "SmitFraudFix", which someone suggested using on another forum (to someone else with the same issue), however that didn't work either.

5) I was going to use a "system restore point", but it appears that I've never even created one, so that too is out of the question.

6) I'm trying to stay away from the last resort, which in my case is reformatting the computer, because I have no external hard drive, and I have close to 600 gigs in use at the moment.

7) I posted this very topic in the "Am I infected?" forum (see link below), however the generous and kind Moderator (Jason) was not able to help me unfortunately, and therefore sent me here. (I really appreciated his help though)

http://www.bleepingcomputer.com/forums/topic411257.html

8) I tried using the GMER program 3 times, however it didn't work. I then read that it does not work on 64 bit versions of Windows, which is my case.

9) I also tried using TDSSKiller, but that too didn't work.

10) I've also cleared my Java cache, and still get the problem. Both Firefox and IE redirect my searches. (Either back to Google or http://www.videobash.com/video_play?utm_source=chad_new_source&utm_medium=PT&utm_campaign=chad_new_source-shortvideopage) It's a another video sharing website. Also, my connection seems to be getting slower and slower. However, I have another computer on the same network, but that one works perfectly fine.

Also, I'm using Windows 7 Home Premium (64 bit), and when I used all of the aforementioned programs, I made sure I ran them as an administrator.

If there's any other information (or logs) I can share, please let me know.

Thanks for taking the time to look at my problem. I really really appreciate it! :)

- Giggles
____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

DDS LOG

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by Lucas at 19:45:10 on 2011-07-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8183.5699 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
svchost.exe
C:\Windows\system32\taskhost.exe
svchost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
svchost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Super Anti Spyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Security Tools\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Firefox\firefox.exe
svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ccleaner] "C:\Security Tools\CCleaner\CCleaner64.exe" /AUTO
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\Super Anti Spyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avast5] "C:\Security Tools\Avast5\avastUI.exe" /nogui
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4CBC6D9A-E060-40F2-97FD-8710BA9D2F12} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [avast5] "C:\Security Tools\Avast5\avastUI.exe" /nogui
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\q0zjsw2h.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\q0zjsw2h.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\Super Anti Spyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\Super Anti Spyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files (x86)\Super Anti Spyware\SASCore64.exe [2011-5-4 128384]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-15 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Security Tools\Avast5\AvastSvc.exe [2011-7-23 42184]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-14 656624]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-7-22 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-7-22 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-20 1153368]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-26 03:42:02 -------- d-----w- C:\Users\Lucas\AppData\Roaming\SUPERAntiSpyware.com
2011-07-26 03:42:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-26 03:41:59 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-26 03:41:41 -------- d-----w- C:\Program Files (x86)\Super Anti Spyware
2011-07-24 03:49:06 3638 ----a-w- C:\Windows\SysWow64\tmp.reg
2011-07-23 17:16:53 -------- d-----w- C:\ProgramData\Corel Painter 12
2011-07-23 17:02:01 -------- d-----w- C:\Users\Lucas\AppData\Local\Google
2011-07-23 17:01:57 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-23 17:01:57 -------- d-----w- C:\Users\Lucas\AppData\Local\Conduit
2011-07-23 17:01:05 -------- d-----w- C:\Users\Lucas\AppData\Roaming\uTorrent
2011-07-23 16:51:48 64512 --sha-r- C:\Windows\SysWow64\findstrk.dll
2011-07-22 23:36:17 749936 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2011-07-22 23:36:17 642928 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2011-07-22 23:36:13 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
2011-07-22 23:35:43 -------- d-----w- C:\Program Files\Tablet
2011-07-22 18:32:51 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D4AFDC7-FD04-4C11-974D-AA780AA5BE22}\mpengine.dll
2011-07-14 00:19:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 03:41:27 -------- d-----w- C:\Users\Lucas\AppData\Local\FalloutNV
2011-06-28 02:08:28 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2011-06-28 02:08:28 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2011-06-28 02:08:22 -------- d-----w- C:\Program Files\Common Files\INCA Shared
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-23 01:39:13 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-06-23 01:39:13 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-06-23 01:36:18 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-06-20 19:03:42 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-22 22:25:18 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
.
============= FINISH: 19:47:02.96 ===============

Edited by Teh Giggles, 27 July 2011 - 07:45 PM.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:28 AM

Posted 06 August 2011 - 06:43 AM

Hi Teh Giggles!!.. :)

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Teh Giggles

Teh Giggles
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 09 August 2011 - 10:06 PM

Hi snemelk!

Here are the logs:
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

MBAM LOG:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7423

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/08/2011 10:51:57 PM
mbam-log-2011-08-09 (22-51-57).txt

Scan type: Quick scan
Objects scanned: 176546
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

OTL.TXT LOG:

OTL logfile created on: 09/08/2011 10:54:19 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.40% Memory free
15.98 Gb Paging File | 13.80 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.35 Gb Total Space | 571.71 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GIGGLES | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/09 22:52:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Security Tools\Avast5\AvastUI.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/09/18 18:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/09/17 15:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/05/26 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/09 22:52:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Security Tools\Avast5\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/15 17:05:53 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/05/26 18:54:34 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/08/07 23:09:24 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Security Tools\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/22 18:25:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files (x86)\Super Anti Spyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 23:49:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/14 22:49:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 17:05:47 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/15 17:05:43 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/12/15 17:05:43 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/15 17:05:41 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/24 22:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/09 18:40:26 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/09 18:36:30 | 001,707,776 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/06/05 21:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\Super Anti Spyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\Super Anti Spyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/23 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/23 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Firefox\components [2011/07/27 20:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/05/07 01:47:20 | 000,000,000 | ---D | M]

[2011/03/05 18:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions
[2011/03/05 18:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/08/07 23:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\q0zjsw2h.default\extensions
[2011/05/22 16:22:11 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\q0zjsw2h.default\extensions\battlefieldplay4free@ea.com
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/03/05 18:37:37 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

O1 HOSTS File: ([2011/07/24 21:43:28 | 000,436,657 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1activate.adobe.com
O1 - Hosts: 127.0.0.1practivate.adobe.com
O1 - Hosts: 127.0.0.1ereg.adobe.com
O1 - Hosts: 127.0.0.1activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1wip3.adobe.com
O1 - Hosts: 127.0.0.13dns-3.adobe.com
O1 - Hosts: 127.0.0.13dns-2.adobe.com
O1 - Hosts: 127.0.0.1adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1activate-sea.adobe.com
O1 - Hosts: 127.0.0.1wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 15025 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Security Tools\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Security Tools\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Super Anti Spyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/11 20:21:22 | 000,000,055 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{137e73b6-888c-11e0-9572-a4badb020351}\Shell - "" = AutoRun
O33 - MountPoints2\{137e73b6-888c-11e0-9572-a4badb020351}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{b2b6702b-018f-11df-804e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b6702b-018f-11df-804e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Install.exe -- [2009/12/03 18:22:48 | 000,513,130 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 22:52:37 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2011/07/27 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Virus Related Programs
[2011/07/25 23:42:02 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/25 23:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/25 23:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/25 23:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/25 23:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Anti Spyware
[2011/07/23 23:47:47 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2011/07/23 23:47:47 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2011/07/23 23:47:47 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2011/07/23 23:47:47 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2011/07/23 23:47:47 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2011/07/23 23:47:47 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2011/07/23 23:47:47 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2011/07/23 23:47:47 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2011/07/23 23:47:47 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2011/07/23 23:47:47 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2011/07/23 23:47:47 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2011/07/23 13:38:05 | 311,767,568 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Lucas\Desktop\CorelPainter12_TBYB_EN.exe
[2011/07/23 13:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel Painter 12
[2011/07/23 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Corel.Painter.v12.0.0.502.Incl.Keymaker-CORE
[2011/07/23 13:02:01 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Google
[2011/07/23 13:01:57 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Conduit
[2011/07/23 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\uTorrent
[2011/07/22 19:36:17 | 000,749,936 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2011/07/22 19:36:17 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2011/07/22 19:36:13 | 000,018,288 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
[2011/07/22 19:36:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2011/07/22 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/07/22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\WTablet
[2011/07/22 15:11:43 | 000,290,088 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Touch_Tablet.dll
[2011/07/22 15:11:43 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Touch_Tablet.dll
[2011/07/22 15:11:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\WTouch
[2011/07/22 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2011/07/22 15:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2011/07/22 15:11:19 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2011/07/22 15:11:13 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2011/07/22 15:11:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WTablet
[2011/07/22 15:11:08 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2011/07/22 15:11:07 | 000,756,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2011/07/22 15:11:07 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2011/07/22 15:11:06 | 005,556,520 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.exe
[2011/07/22 15:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tablet
[2011/07/13 20:20:07 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 20:20:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 20:20:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 20:20:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 20:20:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 20:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 20:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 20:20:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 20:20:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 20:20:01 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 20:20:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 20:20:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 20:20:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 20:20:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 20:20:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 20:20:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 20:20:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 20:20:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 20:19:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/11 23:41:27 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\FalloutNV
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/09 22:52:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2011/08/09 10:36:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 10:36:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 10:34:58 | 000,778,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 10:34:58 | 000,664,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/09 10:34:58 | 000,125,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 10:29:03 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\Zuhtrrqft.job
[2011/08/09 10:28:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/09 10:28:49 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 23:20:33 | 005,787,648 | ---- | M] () -- C:\Users\Lucas\Desktop\Back To Black.mp3
[2011/08/07 23:16:39 | 002,720,932 | ---- | M] () -- C:\Users\Lucas\Desktop\Love Grows Where My Rosemary Goes.mp3
[2011/08/07 23:15:49 | 004,128,768 | ---- | M] () -- C:\Users\Lucas\Desktop\Rock This Town.mp3
[2011/08/07 23:13:44 | 005,095,050 | ---- | M] () -- C:\Users\Lucas\Desktop\Evil Woman.mp3
[2011/07/31 23:04:09 | 183,765,660 | ---- | M] () -- C:\Users\Lucas\Desktop\Futurama.S06E20.All.the.Presidents.Heads.HDTV.XviD-FQM.avi
[2011/07/31 00:57:44 | 490,522,816 | ---- | M] () -- C:\Users\Lucas\Desktop\the thing.divx
[2011/07/27 20:39:53 | 000,001,745 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/26 02:34:00 | 002,916,141 | ---- | M] () -- C:\Users\Lucas\Desktop\The French Job.psd
[2011/07/26 02:33:57 | 000,635,737 | ---- | M] () -- C:\Users\Lucas\Desktop\The French Job.jpg
[2011/07/25 23:16:56 | 000,571,356 | ---- | M] () -- C:\Users\Lucas\Desktop\Untitled-1.jpg
[2011/07/25 20:06:34 | 000,501,594 | ---- | M] () -- C:\Users\Lucas\Desktop\Wtf.jpg
[2011/07/24 21:43:28 | 000,436,657 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/24 00:40:23 | 000,003,638 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2011/07/23 15:45:56 | 000,000,000 | RHS- | M] () -- C:\Windows\wininit.ini
[2011/07/23 13:42:15 | 311,767,568 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Lucas\Desktop\CorelPainter12_TBYB_EN.exe
[2011/07/23 13:34:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/23 12:51:48 | 000,064,512 | RHS- | M] () -- C:\Windows\SysWow64\findstrk.dll
[2011/07/22 00:12:33 | 183,654,400 | ---- | M] () -- C:\Users\Lucas\Desktop\aaf-1wtd.s05e09.avi
[2011/07/21 23:04:44 | 183,889,920 | ---- | M] () -- C:\Users\Lucas\Desktop\1000.Ways.To.Die.S05E10.HDTV.XviD-aAF.avi
[2011/07/14 10:24:08 | 002,963,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 23:20:08 | 005,787,648 | ---- | C] () -- C:\Users\Lucas\Desktop\Back To Black.mp3
[2011/08/07 23:16:37 | 002,720,932 | ---- | C] () -- C:\Users\Lucas\Desktop\Love Grows Where My Rosemary Goes.mp3
[2011/08/07 23:15:40 | 004,128,768 | ---- | C] () -- C:\Users\Lucas\Desktop\Rock This Town.mp3
[2011/08/07 23:13:25 | 005,095,050 | ---- | C] () -- C:\Users\Lucas\Desktop\Evil Woman.mp3
[2011/07/31 23:01:49 | 183,765,660 | ---- | C] () -- C:\Users\Lucas\Desktop\Futurama.S06E20.All.the.Presidents.Heads.HDTV.XviD-FQM.avi
[2011/07/31 00:51:35 | 490,522,816 | ---- | C] () -- C:\Users\Lucas\Desktop\the thing.divx
[2011/07/27 20:39:34 | 000,000,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/26 02:01:53 | 000,635,737 | ---- | C] () -- C:\Users\Lucas\Desktop\The French Job.jpg
[2011/07/26 01:23:12 | 002,916,141 | ---- | C] () -- C:\Users\Lucas\Desktop\The French Job.psd
[2011/07/25 23:16:55 | 000,571,356 | ---- | C] () -- C:\Users\Lucas\Desktop\Untitled-1.jpg
[2011/07/25 20:06:32 | 000,501,594 | ---- | C] () -- C:\Users\Lucas\Desktop\Wtf.jpg
[2011/07/23 23:49:06 | 000,003,638 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2011/07/23 23:47:47 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2011/07/23 23:47:47 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2011/07/23 23:47:47 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2011/07/23 14:54:19 | 000,000,000 | RHS- | C] () -- C:\Windows\wininit.ini
[2011/07/23 12:51:48 | 000,064,512 | RHS- | C] () -- C:\Windows\SysWow64\findstrk.dll
[2011/07/23 12:51:48 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\Zuhtrrqft.job
[2011/07/22 15:10:59 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2011/07/22 00:09:50 | 183,654,400 | ---- | C] () -- C:\Users\Lucas\Desktop\aaf-1wtd.s05e09.avi
[2011/07/21 23:02:16 | 183,889,920 | ---- | C] () -- C:\Users\Lucas\Desktop\1000.Ways.To.Die.S05E10.HDTV.XviD-aAF.avi
[2011/06/26 02:47:01 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/26 21:45:15 | 000,002,120 | ---- | C] () -- C:\Users\Lucas\AppData\Local\rx_audio.Cache
[2011/05/26 21:45:15 | 000,000,072 | ---- | C] () -- C:\Users\Lucas\AppData\Local\rx_image32.Cache
[2011/05/13 20:22:30 | 000,757,150 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/08 23:01:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/15 17:05:48 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/05 00:43:02 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/03/03 15:12:56 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/07 13:06:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/25 20:06:01 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/01/25 20:05:59 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/01/25 20:05:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/15 00:39:42 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/01/15 00:39:42 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/01/15 00:38:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/01/15 00:32:30 | 000,026,046 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/08/09 10:28:49 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/08/09 10:28:58 | 4285,517,823 | -HS- | M] () -- C:\pagefile.sys
[2011/07/24 00:41:34 | 000,002,475 | ---- | M] () -- C:\rapport.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

EXTRAS.TXT LOG:

OTL Extras logfile created on: 09/08/2011 10:54:20 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.40% Memory free
15.98 Gb Paging File | 13.80 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.35 Gb Total Space | 571.71 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GIGGLES | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A70B027-4813-B42B-FF66-04E58417028A}" = ccc-utility64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EEBAEA5A-07C3-22AD-1E2F-7482BE5C1582}" = ATI Catalyst Install Manager
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F61833FE-70D2-06F8-6A53-58BC8DCD0D6C}" = WMV9/VC-1 Video Playback
"{FA16AE79-DEFE-CEC4-9213-0CE361C8D627}" = ccc-utility64
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GCFScape_is1" = GCFScape 1.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{065FD621-FE29-F086-8B68-26C40F2568F6}" = CCC Help Spanish
"{07B0A8BD-DC56-9391-029D-901B537C0EE5}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A4DBC25-3DD9-9503-24D9-268112B62076}" = CCC Help Hungarian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1518157C-607B-2B60-B121-EAB7042C75AB}" = Skins
"{157AB353-60BB-E1A7-4E79-15C35655C694}" = CCC Help English
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B70920B-70FC-C906-623C-F366B0F7DB53}" = Catalyst Control Center InstallProxy
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E76329-0ED8-E755-2C14-07C80621DF7E}" = CCC Help Portuguese
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 25
"{27427D07-F798-0398-997C-525E982BF0BE}" = Catalyst Control Center Core Implementation
"{28A25B98-A2E9-89A5-FCF3-DF93B9564775}" = CCC Help Italian
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33B436A1-64C1-1726-2209-E69BF2DFE138}" = CCC Help Czech
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38E45772-7CD6-8400-693C-1D268E6D1850}" = ccc-core-static
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44047051-85A6-83A1-0B76-0A4EF34F82B2}" = Catalyst Control Center Localization All
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{482A6D85-E279-9B0F-8D36-091F3B64B787}" = Catalyst Control Center Graphics Previews Common
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{4FB805E5-9716-C5D0-9114-65C78E3098DD}" = CCC Help Swedish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3B69A7-C63E-7F9B-55DD-CD65F7440FED}" = CCC Help Danish
"{5B1EF562-C533-9035-D6BB-7BD5C6D9DC3F}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63892687-346C-6868-029C-A1BCCCACC4C0}" = CCC Help Chinese Traditional
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6C3BF763-2CC5-2E20-4491-DF399C05C547}" = CCC Help Greek
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{6F4ED9D9-0854-C415-7BD6-908380D81518}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8320F92E-6E12-FB6F-B7A7-2C37D86507C1}" = Catalyst Control Center InstallProxy
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{877335C1-A573-6B0B-9635-DFD043E4445A}" = CCC Help Norwegian
"{87788F6B-90DC-3702-E4E2-BAAC54F6DC06}" = Catalyst Control Center Graphics Previews Common
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EBA7A74-9CB9-1336-8F32-2E503E6D530F}" = CCC Help French
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F1906E-C084-9499-DFC3-E8A191B1E259}" = Catalyst Control Center Graphics Light
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934328D5-F05A-8749-2915-EDCBE9DBBC61}" = CCC Help Polish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{995C73F0-2853-45DF-030F-DFEEB000BC10}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2767DE2-385F-2A50-592F-FB7B041926DE}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4601B40-79E2-4E67-EB56-8A77B9D03839}" = CCC Help Dutch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AACCF0A0-B426-9DA1-7900-7CDA55C674BE}" = CCC Help Korean
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B1AFAA4E-AE88-3B08-E40A-FB1D64F0F880}" = CCC Help Thai
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6C07454-A9BC-D101-1DA7-B41E95008200}" = CCC Help Turkish
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2B9D3E1-B7FB-00FB-A14C-664B13174ED4}" = CCC Help Russian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E41E6CB8-AD30-A818-EA5D-0C6A92E51D0C}" = CCC Help Japanese
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA8F8D1C-0565-BD71-BFC3-57A21E8AA6FD}" = Catalyst Control Center Graphics Previews Vista
"{EC409A8A-525C-3F44-5266-13FAE4E5BF7B}" = ccc-core-static
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7E64234-BF11-2AAF-D41F-BC78B050E663}" = CCC Help English
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CamStudio" = CamStudio
"Celtx (2.9)" = Celtx (2.9)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Daniusoft DVD to iPod Suite_is1" = Daniusoft DVD to iPod Suite(Build 2.1.0.39)
"Daniusoft iPod Video Converter_is1" = Daniusoft iPod Video Converter(Build 2.3.3.1)
"Daniusoft Video to iPod Converter_is1" = Daniusoft Video to iPod Converter(Build 2.1.0.33)
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Fraps" = Fraps
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Magnifying Glass Pro_is1" = Magnifying Glass Pro 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"NewBlue Free Effects for Windows" = NewBlue Free Effects for Windows
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PunkBusterSvc" = PunkBuster Services
"Steam App 10680" = Aliens vs. Predator
"Steam App 1250" = Killing Floor
"Steam App 17470" = Dead Space
"Steam App 18040" = DeathSpank
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 24980" = Mass Effect 2
"Steam App 300" = Day of Defeat: Source
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 4000" = Garry's Mod
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 8980" = Borderlands
"Steam App 9880" = Champions Online: Free For All
"VTFEdit_is1" = VTFEdit 1.2.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:28 AM

Posted 10 August 2011 - 06:23 AM

Hi again Teh Giggles!!.. :)

I see some entries in the logfiles indicating that you might be using pirated software:

Hosts: 127.0.0.1activate.adobe.com
[2011/07/23 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Corel.Painter.v12.0.0.502.Incl.Keymaker-CORE

Please note that using cracks/keygens/pirated software is a very common way of getting your computer infected!!.. I can only recommend uninstalling all pirated software (if any) from your computer...

You do also have Spybot's TeaTimer running on Startup - this is not recommended, as your Avast! antivirus already protects your computer against spyware!.. Running two or more security programs of the same type in the resident mode can cause unwanted conflicts... Also, the protection TeaTimer offers is weak in comparison with Avast!...
I recommend you disable Spybot's TeaTimer - for help with that, see this thread: How to disable your security applications

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    [2011/07/23 12:51:48 | 000,064,512 | RHS- | C] () -- C:\Windows\SysWow64\findstrk.dll
    [2011/07/23 12:51:48 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\Zuhtrrqft.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly, after a reboot,
Right click this folder: c:\_OTL and choose: "Send to" --> "Compressed (zipped) Folder".
Upload that zipped folder for analysis: go to this site, click on Browse, and choose the zipped file, click Upload. Allow the file to be uploaded - wait till: The file has been uploaded! appears.

Thirdly,
Run a new scan with TDSSKiller:
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
Posted Image

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 Teh Giggles

Teh Giggles
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 10 August 2011 - 09:38 PM

Hey Snemelk!

I deleted the folder with the pirated software. It was a keygen (shhhh, don't tell anyone :P), and I got the virus as I was searching for it...

That said, I uploaded the OTL folder like you asked. Also, when I performed a scan with TDSSKiller, nothing was found. Anyway, here are the logs!

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

OTL LOG

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
C:\Windows\SysWOW64\findstrk.dll moved successfully.
C:\Windows\Tasks\Zuhtrrqft.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1414725 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 48754358 bytes
->Flash cache emptied: 2615796 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 654616 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 579584 bytes

Total Files Cleaned = 52.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lucas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08102011_221840

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

TDSSKILLER LOG

2011/08/10 22:29:19.0031 3372 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 22:29:19.0265 3372 ================================================================================
2011/08/10 22:29:19.0265 3372 SystemInfo:
2011/08/10 22:29:19.0265 3372
2011/08/10 22:29:19.0265 3372 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/10 22:29:19.0265 3372 Product type: Workstation
2011/08/10 22:29:19.0265 3372 ComputerName: GIGGLES
2011/08/10 22:29:19.0265 3372 UserName: Lucas
2011/08/10 22:29:19.0265 3372 Windows directory: C:\Windows
2011/08/10 22:29:19.0265 3372 System windows directory: C:\Windows
2011/08/10 22:29:19.0265 3372 Running under WOW64
2011/08/10 22:29:19.0265 3372 Processor architecture: Intel x64
2011/08/10 22:29:19.0265 3372 Number of processors: 8
2011/08/10 22:29:19.0265 3372 Page size: 0x1000
2011/08/10 22:29:19.0265 3372 Boot type: Normal boot
2011/08/10 22:29:19.0265 3372 ================================================================================
2011/08/10 22:29:19.0546 3372 Initialize success
2011/08/10 22:29:29.0015 3432 ================================================================================
2011/08/10 22:29:29.0015 3432 Scan started
2011/08/10 22:29:29.0015 3432 Mode: Manual;
2011/08/10 22:29:29.0015 3432 ================================================================================
2011/08/10 22:29:29.0327 3432 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/10 22:29:29.0374 3432 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/10 22:29:29.0405 3432 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/10 22:29:29.0483 3432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/10 22:29:29.0530 3432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/10 22:29:29.0577 3432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/10 22:29:29.0655 3432 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/10 22:29:29.0702 3432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/10 22:29:29.0733 3432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/10 22:29:29.0764 3432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/10 22:29:29.0780 3432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/10 22:29:29.0920 3432 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/10 22:29:30.0107 3432 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/10 22:29:30.0138 3432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/10 22:29:30.0185 3432 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/10 22:29:30.0232 3432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/10 22:29:30.0263 3432 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/10 22:29:30.0310 3432 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/10 22:29:30.0357 3432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/10 22:29:30.0404 3432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/10 22:29:30.0482 3432 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/10 22:29:30.0544 3432 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/10 22:29:30.0606 3432 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/08/10 22:29:30.0731 3432 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/08/10 22:29:30.0809 3432 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/08/10 22:29:30.0825 3432 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/08/10 22:29:30.0872 3432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/10 22:29:30.0887 3432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/10 22:29:30.0934 3432 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/10 22:29:31.0012 3432 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
2011/08/10 22:29:31.0043 3432 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/10 22:29:31.0199 3432 atikmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/10 22:29:31.0293 3432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/10 22:29:31.0340 3432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/10 22:29:31.0386 3432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/10 22:29:31.0449 3432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/10 22:29:31.0542 3432 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/10 22:29:31.0589 3432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/10 22:29:31.0652 3432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/10 22:29:31.0698 3432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/10 22:29:31.0730 3432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/10 22:29:31.0761 3432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/10 22:29:31.0776 3432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/10 22:29:31.0808 3432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/10 22:29:31.0854 3432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/10 22:29:31.0886 3432 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/10 22:29:31.0917 3432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/10 22:29:31.0948 3432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/10 22:29:31.0995 3432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/10 22:29:32.0010 3432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/10 22:29:32.0042 3432 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/10 22:29:32.0057 3432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/10 22:29:32.0088 3432 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/10 22:29:32.0104 3432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/10 22:29:32.0166 3432 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/10 22:29:32.0213 3432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/10 22:29:32.0244 3432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/10 22:29:32.0276 3432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/10 22:29:32.0322 3432 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/10 22:29:32.0416 3432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/10 22:29:32.0510 3432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/10 22:29:32.0525 3432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/10 22:29:32.0572 3432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/10 22:29:32.0603 3432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/10 22:29:32.0634 3432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/10 22:29:32.0666 3432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/10 22:29:32.0697 3432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/10 22:29:32.0728 3432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/10 22:29:32.0759 3432 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/10 22:29:32.0775 3432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/10 22:29:32.0806 3432 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/10 22:29:32.0837 3432 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/10 22:29:32.0853 3432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/10 22:29:32.0900 3432 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/10 22:29:32.0978 3432 HCW85BDA (f4d716d26950f6e3cc5dd5ee025c4853) C:\Windows\system32\drivers\HCW85BDA.sys
2011/08/10 22:29:33.0024 3432 hcw85cir (9662aa017cf1c4548331681ab590ee91) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/10 22:29:33.0071 3432 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/10 22:29:33.0087 3432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/10 22:29:33.0118 3432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/10 22:29:33.0134 3432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/10 22:29:33.0180 3432 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/10 22:29:33.0212 3432 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/10 22:29:33.0243 3432 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/10 22:29:33.0274 3432 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/10 22:29:33.0305 3432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/10 22:29:33.0336 3432 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/10 22:29:33.0383 3432 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/10 22:29:33.0430 3432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/10 22:29:33.0508 3432 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/10 22:29:33.0555 3432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/10 22:29:33.0570 3432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/10 22:29:33.0617 3432 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/10 22:29:33.0680 3432 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/10 22:29:33.0695 3432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/10 22:29:33.0726 3432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/10 22:29:33.0742 3432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/10 22:29:33.0758 3432 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/10 22:29:33.0789 3432 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
2011/08/10 22:29:33.0804 3432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/10 22:29:33.0820 3432 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/10 22:29:33.0851 3432 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/10 22:29:33.0882 3432 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/10 22:29:33.0898 3432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/10 22:29:33.0976 3432 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/08/10 22:29:34.0007 3432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/10 22:29:34.0070 3432 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/08/10 22:29:34.0101 3432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/10 22:29:34.0116 3432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/10 22:29:34.0148 3432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/10 22:29:34.0163 3432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/10 22:29:34.0179 3432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/10 22:29:34.0210 3432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/10 22:29:34.0226 3432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/10 22:29:34.0257 3432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/10 22:29:34.0272 3432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/10 22:29:34.0288 3432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/10 22:29:34.0335 3432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/10 22:29:34.0366 3432 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/10 22:29:34.0397 3432 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/10 22:29:34.0413 3432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/10 22:29:34.0444 3432 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/10 22:29:34.0475 3432 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/10 22:29:34.0522 3432 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/10 22:29:34.0538 3432 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/10 22:29:34.0569 3432 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/10 22:29:34.0584 3432 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/10 22:29:34.0616 3432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/10 22:29:34.0631 3432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/10 22:29:34.0662 3432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/10 22:29:34.0694 3432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/10 22:29:34.0725 3432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/10 22:29:34.0740 3432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/10 22:29:34.0772 3432 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/10 22:29:34.0803 3432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/10 22:29:34.0834 3432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/10 22:29:34.0850 3432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/10 22:29:34.0850 3432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/10 22:29:34.0896 3432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/10 22:29:34.0928 3432 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/10 22:29:34.0974 3432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/10 22:29:35.0006 3432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/10 22:29:35.0037 3432 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/10 22:29:35.0052 3432 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/10 22:29:35.0068 3432 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/10 22:29:35.0099 3432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/10 22:29:35.0130 3432 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/10 22:29:35.0177 3432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/10 22:29:35.0208 3432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/10 22:29:35.0255 3432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/10 22:29:35.0318 3432 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/10 22:29:35.0364 3432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/10 22:29:35.0396 3432 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/10 22:29:35.0442 3432 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/10 22:29:35.0489 3432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/10 22:29:35.0520 3432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/10 22:29:35.0552 3432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/10 22:29:35.0583 3432 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/10 22:29:35.0630 3432 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/08/10 22:29:35.0645 3432 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/10 22:29:35.0676 3432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/10 22:29:35.0692 3432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/10 22:29:35.0708 3432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/10 22:29:35.0754 3432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/10 22:29:35.0832 3432 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/10 22:29:35.0864 3432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/10 22:29:35.0895 3432 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/10 22:29:35.0942 3432 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/10 22:29:35.0988 3432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/10 22:29:36.0051 3432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/10 22:29:36.0082 3432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/10 22:29:36.0098 3432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/10 22:29:36.0129 3432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/10 22:29:36.0144 3432 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/10 22:29:36.0176 3432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/10 22:29:36.0191 3432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/10 22:29:36.0222 3432 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/10 22:29:36.0238 3432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/10 22:29:36.0269 3432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/10 22:29:36.0285 3432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/10 22:29:36.0316 3432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/10 22:29:36.0332 3432 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/10 22:29:36.0363 3432 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/08/10 22:29:36.0425 3432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/10 22:29:36.0472 3432 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/10 22:29:36.0503 3432 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/10 22:29:36.0597 3432 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files (x86)\Super Anti Spyware\SASDIFSV64.SYS
2011/08/10 22:29:36.0612 3432 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files (x86)\Super Anti Spyware\SASKUTIL64.SYS
2011/08/10 22:29:36.0628 3432 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/10 22:29:36.0690 3432 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/10 22:29:36.0722 3432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/10 22:29:36.0768 3432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/10 22:29:36.0784 3432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/10 22:29:36.0815 3432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/10 22:29:36.0862 3432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/10 22:29:36.0878 3432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/10 22:29:36.0893 3432 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/10 22:29:36.0909 3432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/10 22:29:36.0924 3432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/10 22:29:36.0940 3432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/10 22:29:36.0987 3432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/10 22:29:37.0002 3432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/10 22:29:37.0065 3432 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/10 22:29:37.0096 3432 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/10 22:29:37.0143 3432 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/10 22:29:37.0190 3432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/10 22:29:37.0221 3432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/10 22:29:37.0314 3432 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/08/10 22:29:37.0361 3432 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/10 22:29:37.0392 3432 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/10 22:29:37.0408 3432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/10 22:29:37.0424 3432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/10 22:29:37.0439 3432 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/10 22:29:37.0455 3432 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/10 22:29:37.0502 3432 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/10 22:29:37.0533 3432 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/10 22:29:37.0564 3432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/10 22:29:37.0595 3432 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/10 22:29:37.0626 3432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/10 22:29:37.0642 3432 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/10 22:29:37.0673 3432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/10 22:29:37.0720 3432 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/10 22:29:37.0767 3432 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/10 22:29:37.0798 3432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/10 22:29:37.0876 3432 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/10 22:29:37.0907 3432 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/10 22:29:38.0016 3432 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/08/10 22:29:38.0048 3432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/10 22:29:38.0094 3432 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/10 22:29:38.0126 3432 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/10 22:29:38.0172 3432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/10 22:29:38.0188 3432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/10 22:29:38.0219 3432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/10 22:29:38.0235 3432 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/10 22:29:38.0266 3432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/10 22:29:38.0282 3432 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/10 22:29:38.0313 3432 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/10 22:29:38.0328 3432 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/10 22:29:38.0360 3432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/10 22:29:38.0375 3432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/10 22:29:38.0422 3432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/10 22:29:38.0453 3432 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/08/10 22:29:38.0484 3432 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/08/10 22:29:38.0516 3432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/10 22:29:38.0516 3432 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/08/10 22:29:38.0547 3432 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 22:29:38.0562 3432 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 22:29:38.0609 3432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/10 22:29:38.0640 3432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/10 22:29:38.0703 3432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/10 22:29:38.0718 3432 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/08/10 22:29:38.0750 3432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/10 22:29:38.0843 3432 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/10 22:29:38.0874 3432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/10 22:29:38.0937 3432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/10 22:29:38.0984 3432 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/10 22:29:38.0999 3432 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/10 22:29:39.0030 3432 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/08/10 22:29:39.0046 3432 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/10 22:29:39.0077 3432 Boot (0x1200) (1e9bdd4e29a74c2f3fb87fc0b308c509) \Device\Harddisk0\DR0\Partition0
2011/08/10 22:29:39.0093 3432 Boot (0x1200) (5762b76912455d39469f826fa179f85e) \Device\Harddisk0\DR0\Partition1
2011/08/10 22:29:39.0093 3432 Boot (0x1200) (e7984dbfb564bc8fd27e838773b2e701) \Device\Harddisk1\DR1\Partition0
2011/08/10 22:29:39.0108 3432 ================================================================================
2011/08/10 22:29:39.0108 3432 Scan finished
2011/08/10 22:29:39.0108 3432 ================================================================================
2011/08/10 22:29:39.0108 1128 Detected object count: 0
2011/08/10 22:29:39.0108 1128 Actual detected object count: 0
2011/08/10 22:29:50.0559 1616 Deinitialize success

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

#6 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:28 AM

Posted 11 August 2011 - 05:56 AM

Hi again Teh Giggles!!.. :)

Thank you for the upload!!.. The file is already detected by MBAM, Eset and Avira...

It looks good - please let me know what problem remains!..

...and I got the virus as I was searching for it...

Yep, with this particular infection, I suppose that around 80-90% of victims' computers got infected when searching for or using crack/keygens... Lesson learned!!..


Also, please do the following:

Firstly,
Run services.msc - refer to this tutorial: How to Start or Disable Services in Windows 7

Scroll down to the Security Center Service, right-click it and choose Properties, change the "Startup type" to: Automatic (Delayed Start); confirm by clicking Apply and OK...

Secondly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 9.1.2 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 14 (64-bit)
Java™ 6 Update 25


Then,
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 7".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-7-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

If you wish to use Java on a 64bit browser as well, you can also download and install a version for a Windows x64 system...

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Avast! - as far as I can see, you currently use version 5.0 of Avast! antivirus... There is a new version available for some time now - 6.0, with additional features, I recommend you upgrade the program: Download avast! Free Antivirus 6 ... The free version of Avast! is a very good security product, provides pretty good protection...

- after doing the updates above, please run Windows Update (Start --> All programs --> Windows Update) and install all important/critical updates!!.. This also includes Service Pack 1 (which may take a little time to install - at least half an hour)...
Keeping your system updated is very important!!.. Please also look at the recommended/optional updates list - I suggest you install those updates as well, this includes Internet Explorer 9.0 (even if you use Firefox on daily basis, it's a good idea to keep IE up-to-date as well)...

Finally, after the updates above,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 Teh Giggles

Teh Giggles
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 13 August 2011 - 05:45 PM

Hey Snemelk!

I followed every single step, and everything went smoothly! Also, the ESET scan found two threats. Once again, a keygen, but this one has been on my computer for a long time and hasn't caused me any problems. So is it actually a virus, or does the ESET scan program only see it as one?

Anyway, here's the log you requested!

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

ESET LOG

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d9f270a7c1bbff4daa2dc8ef545a9692
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-13 10:25:12
# local_time=2011-08-13 06:25:12 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 64812920 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=379247
# found=2
# cleaned=2
# scan_time=4842
C:\Documents and Settings\Lucas\Documents\My Downloads\Sony Vegas 8 Keygen\SonyVegasKeygen.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08102011_221840\C_Windows\SysWOW64\findstrk.dll a variant of Win32/Kryptik.RLE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:28 AM

Posted 14 August 2011 - 05:01 AM

Hi Teh Giggles,

snemelk is currently on holiday so I'm covering his topics.

As you obviously know what a keygen is, I wouldn't be too worried. It looks like ESET doesn't like software piraters :P (tut tut).

How is your PC running, any odd symptoms left?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 Teh Giggles

Teh Giggles
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 14 August 2011 - 12:08 PM

Hi Casey_boy!

Yeah I guess ESET doesn't like them haha!

Anyway, my computer seems to be running well now. Websites aren't being redirected anymore, so I guess it's finally over!

It's a shame snemelk is on holiday. I wanted to thank him for all the help. I guess I'll PM him then.

That said, thank you very much for all the help. I really really really really really appreciate it, and couldn't stress that enough.

God bless you all, and have a great day! :)

Edited by Teh Giggles, 14 August 2011 - 12:09 PM.


#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:28 AM

Posted 14 August 2011 - 02:14 PM

Anyway, my computer seems to be running well now. Websites aren't being redirected anymore, so I guess it's finally over!


OK, great. I've given you some preventative tips and clean up steps below - please follow them.

It's a shame snemelk is on holiday. I wanted to thank him for all the help. I guess I'll PM him then


I'm sure he wont mind you PMing him, or he'll probably read this when he's back :)

:step1: We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

:step2: Below I have outlined a series of categories that outline how you can increase the security of your computer and help prevent reinfection. Please take the time to read through them and follow the advice given.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here).

Hiding Hidden Files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Make Internet Explorer more secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Regularly Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

Several good and free antispyware programs are available to download, I recommend that you install one in addition to your anti-virus program. Some examples are Malwarebytes AntiMalware and SuperAntiSpyware.

Install SpywareBlaster

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 Teh Giggles

Teh Giggles
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 16 August 2011 - 09:21 PM

Hey Casey!

I did what you said and everything went smoothly. Also, I think my main problem was the fact that I ignored to update my anti-virus programs, as well as my operating system. From now on though, I'll make sure to update them regularly, or to do so when it tells me it needs to be updated. Lesson learnt indeed!

Thank you so much once again! I really appreciate it! :)

P.S. I ended up PMing Snemelk just in case!

Edited by Teh Giggles, 16 August 2011 - 09:22 PM.


#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:28 AM

Posted 17 August 2011 - 02:34 AM

No problem, glad we could help :thumbup2:

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Edited by Casey_boy, 17 August 2011 - 02:34 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users