Virus (rootkit?) causing Google Redirects


  • This topic is locked
41 replies to this topic

#1 ShoopDahWhoop

Posted 01 February 2012 - 02:14 AM

Hello Guys,
I have had this problem for a few days now.
I'm using Windows 7 32-bit with Google Chrome.
I had the System Check virus about a week ago, which I removed with Norton Internet Security.
I'm not sure if it is that or another virus that is causing the current problem.
In the last few days, whenever I went to a Google search result, it redirected me to a malicious website.
I also had this problem a few months ago but it went away by itself.

Also when I was playing MW3, it had an error which is attached about a debugger being found.

TDSSKiller won't run after I open it.

Norton IS doesn't show anything.
I have run quick scans on MBAM which have shown some things at times but nothing at other times.
MSE has also revealed nothing.

Thanks in advance

PS: Sorry, I don't know how to attach stuff.
http://imgur.com/F02YC (debugger problem)

Edit:
Attached DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0
Run by DAVID at 18:22:39 on 2012-02-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1425 [GMT 11:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\a77613ed-1bf6-4516-ac52-86d6ed439041.com
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DAVID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/splitcam/{5A6C0966-BBBC-4251-9154-C3CADB15E37E}
uDefault_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.bigseekpro.com/splitcam/{5A6C0966-BBBC-4251-9154-C3CADB15E37E}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\splitcam db toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Splitcam DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\splitcam db toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\coIEPlg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [fsm]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [<NO NAME>]
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mExplorerRun: [<NO NAME>] 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: commbank.com.au\www1.my
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{2E7E3B0B-A851-4280-9BC6-7E91EEC20FC8} : NameServer = 192.168.2.1
TCP: Interfaces\{32EDA3C6-783B-4542-9500-3B1AEF52C47F} : NameServer = 192.168.2.1
TCP: Interfaces\{71BC49AE-9BD0-4E8D-92A3-CBFAA510A265} : DhcpNameServer = 8.8.8.8 4.2.2.1
TCP: Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66}\26F6970226F697D27657563747 : DhcpNameServer = 210.0.128.242 210.0.255.216
TCP: Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66}\9514D4D27657563747 : DhcpNameServer = 192.168.8.1 203.198.23.208 218.102.32.208
TCP: Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66}\A4F696B6573507F647F5030323533464435373544483 : DhcpNameServer = 10.188.66.103 10.176.66.71
TCP: Interfaces\{DC270730-1768-48B4-A57C-0A91FD28BEBF} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-13 51144]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-1 905336]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 314456]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.0.0.128\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-21 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-1 132744]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\system32\FreeOTFECypherAES_ltc.sys [2010-8-25 47216]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\system32\FreeOTFECypherBlowfish.sys [2010-8-25 25200]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\system32\FreeOTFECypherCAST5.sys [2010-8-25 31088]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\system32\FreeOTFECypherCAST6_Gladman.sys [2010-8-25 29808]
R1 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\system32\FreeOTFECypherDES.sys [2010-8-25 56816]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\system32\FreeOTFECypherMARS_Gladman.sys [2010-8-25 26480]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\system32\FreeOTFECypherRC6_ltc.sys [2010-8-25 26096]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\system32\FreeOTFECypherSerpent_Gladman.sys [2010-8-25 29168]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\system32\FreeOTFECypherTwofish_ltc.sys [2010-8-25 31856]
R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\system32\FreeOTFEHashMD.sys [2010-8-25 16880]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\system32\FreeOTFEHashRIPEMD.sys [2010-8-25 32624]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\system32\FreeOTFEHashSHA.sys [2010-8-25 26224]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\system32\FreeOTFEHashTiger.sys [2010-8-25 22128]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\system32\FreeOTFEHashWhirlpool.sys [2010-8-25 30704]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2011-8-15 25488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.0.0.128\definitions\ipsdefs\20120131.002\IDSvix86.sys [2012-2-1 368248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 myWIFIzone;myWIFIzone Driver;c:\windows\system32\drivers\myWIFIzone.sys [2005-12-22 19712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-1 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1305000.091\symnets.sys [2012-2-1 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/28 22:27:50];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-4-2 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-30 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-30 44768]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84992]
R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [2009-3-24 5365]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-1 138248]
R2 PEEK5;PEEK Driver v4.5;c:\windows\system32\drivers\PEEK5.SYS [2009-10-31 13184]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-26 29472]
R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2010-8-12 29248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-31 106104]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-4 13112]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-10-7 62576]
R3 libusb0;LibUsb-Win32 - Kernel Driver 1.1.14.0, 05/19/2010;c:\windows\system32\drivers\libusb0.sys [2011-3-30 21504]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2010-12-9 28776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-6 139880]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2002-8-8 11330]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2003-6-8 21922]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-12-21 27632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-7-11 27136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 Abel;Abel;f:\cain\abel.exe --> f:\cain\Abel.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2010-8-12 29248]
S3 DUMeterSvc;DU Meter Service;f:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> f:\program files\du meter\DUMeterSvc.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-10 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-10 8456]
S3 FreeOTFE;FreeOTFE;c:\program files\freeotfe\x86\FreeOTFE.sys [2010-2-8 31856]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-24 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-21 13224]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\drivers\imdisk.sys [2010-11-1 19968]
S3 LcAgent;LC Remote Agent;c:\windows\temp\lcagent.exe --> c:\windows\temp\lcagent.exe [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-12-9 10240]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-7-10 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-7-10 11104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-9 15872]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-24 171520]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-29 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 USBTINSP;TI-Nspire™ Handheld Device Driver;c:\windows\system32\drivers\tinspusb.sys [2011-4-5 123392]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-28 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-6-5 81704]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
S4 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -r _ipp._tcp,_universal -s --> c:\program files\airprint\airprint.exe -R _ipp._tcp,_universal -s [?]
S4 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2010-10-18 20549]
S4 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2010-9-28 892992]
S4 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 11776]
S4 ExpressAccountsService;Express Accounts;c:\program files\nch software\expressaccounts\expressaccounts.exe [2010-8-5 2179076]
S4 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2010-8-5 3153924]
S4 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
S4 Gizmo Central;Gizmo Central;c:\program files\gizmo\gservice.exe [2011-8-15 34728]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-28 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-28 135664]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S4 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2010-11-1 10240]
S4 InventoriaService;Inventoria Stock Manager;c:\program files\nch software\inventoria\inventoria.exe [2010-8-5 1671172]
S4 KMService;KMService;c:\windows\system32\srvany.exe [2011-9-19 8192]
S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
S4 PredatorACE;Predator ACE;c:\program files\predator2\PredatorACE.exe [2011-3-26 108544]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2011-7-16 24992]
S4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2011-7-16 27584]
S4 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-10-18 456736]
S4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-8-17 518472]
S4 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-9-22 381248]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-7-11 737016]
S4 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-5-27 826896]
.
=============== Created Last 30 ================
.
2012-02-01 06:18:56 -------- d-----w- c:\users\david\appdata\local\NPE
2012-02-01 05:53:14 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-02-01 05:52:45 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0e43462-920f-452a-acca-b575f583b240}\mpengine.dll
2012-02-01 01:54:29 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-01 01:54:28 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-01 01:54:28 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-01 01:54:28 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-01 01:54:27 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-01 01:54:27 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-01 01:54:27 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-01 01:52:59 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-01 01:52:59 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-01-31 06:43:00 -------- d-----w- C:\NBRT
2012-01-31 03:24:26 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5c71f5e7-ea92-49cf-8c71-5b054ff31886}\gapaengine.dll
2012-01-31 03:06:44 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-31 03:06:44 -------- d-----w- c:\program files\Symantec
2012-01-31 03:06:44 -------- d-----w- c:\program files\common files\Symantec Shared
2012-01-31 03:05:20 -------- d-----w- c:\windows\system32\drivers\NIS
2012-01-31 03:05:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-30 23:18:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-30 11:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 11:04:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-30 11:04:44 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-30 11:03:45 41184 ----a-w- c:\windows\avastSS.scr
2012-01-30 11:03:28 -------- d-----w- c:\programdata\AVAST Software
2012-01-30 11:03:28 -------- d-----w- c:\program files\AVAST Software
2012-01-30 10:25:12 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-30 10:24:26 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
2012-01-30 10:24:26 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-01-30 10:24:22 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-01-30 10:19:18 -------- d-----w- c:\program files\NortonInstaller
2012-01-30 05:14:44 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-30 05:14:31 -------- d-----w- c:\programdata\HitmanPro
2012-01-30 05:03:37 2058032 ----a-w- c:\users\david\TDSSKiller.exe
2012-01-30 02:55:17 -------- d-----w- c:\windows\pss
2012-01-29 11:37:31 -------- d-----w- C:\Sun
2012-01-29 10:05:16 -------- d-----w- C:\New folder
2012-01-29 09:53:17 -------- d-----w- c:\users\david\appdata\roaming\TestApp
2012-01-26 07:50:29 -------- d-----w- c:\users\david\appdata\local\mpress
2012-01-23 21:29:35 -------- d-----w- c:\users\david\appdata\roaming\Folding@home-gpu
2012-01-21 05:35:00 -------- d-----w- c:\users\david\appdata\roaming\ts3overlay
2012-01-21 05:33:27 -------- d-----w- c:\users\david\appdata\roaming\TS3Client
2012-01-20 23:11:43 86016 ----a-w- c:\windows\unvise32.exe
2012-01-20 23:11:03 -------- d-----w- c:\program files\Parallel Port Joystick
2012-01-20 11:56:59 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-01-18 07:26:22 0 ----a-w- c:\windows\system32\proE522.tmp
2012-01-18 07:25:25 0 ----a-w- c:\windows\system32\pro609.tmp
2012-01-18 07:24:28 0 ----a-w- c:\windows\system32\pro2644.tmp
2012-01-18 07:23:26 0 ----a-w- c:\windows\system32\pro3409.tmp
2012-01-18 06:30:21 -------- d-----w- c:\users\david\appdata\local\MTA San Andreas
2012-01-18 06:29:39 -------- d-----w- c:\program files\MTA San Andreas
2012-01-18 03:38:16 -------- d-----w- c:\programdata\MTA San Andreas All
2012-01-15 06:04:08 0 ----a-w- c:\windows\system32\proD445.tmp
2012-01-15 06:03:58 0 ----a-w- c:\windows\system32\proB07F.tmp
2012-01-15 06:03:49 0 ----a-w- c:\windows\system32\pro8C7A.tmp
2012-01-15 06:03:40 0 ----a-w- c:\windows\system32\pro6837.tmp
2012-01-15 06:03:31 0 ----a-w- c:\windows\system32\pro44A0.tmp
2012-01-15 06:03:22 0 ----a-w- c:\windows\system32\pro20E9.tmp
2012-01-15 06:03:08 0 ----a-w- c:\windows\system32\proEC80.tmp
2012-01-15 05:01:49 0 ----a-w- c:\windows\system32\proC7DD.tmp
2012-01-15 05:01:07 0 ----a-w- c:\windows\system32\pro2316.tmp
2012-01-15 05:00:10 0 ----a-w- c:\windows\system32\pro45B2.tmp
2012-01-15 03:57:09 -------- d-----w- c:\program files\Bonjour Print Services
2012-01-15 03:51:38 -------- d-----w- c:\users\david\appdata\local\FingerPrint
2012-01-15 03:51:02 -------- d-----w- c:\program files\FingerPrint
2012-01-15 02:46:46 -------- d-----r- c:\users\david\appdata\roaming\Brother
2012-01-15 02:39:40 -------- d-----w- C:\Brother
2012-01-15 02:39:38 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-15 02:39:36 103736 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2012-01-15 02:39:33 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-01-15 02:39:33 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-01-15 02:39:29 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-15 02:39:29 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-15 02:39:29 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-15 02:39:29 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-15 02:39:29 -------- d-----w- c:\program files\Brother
2012-01-15 02:39:25 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-01-15 02:37:46 -------- d-----w- c:\programdata\Brother
2012-01-14 10:12:11 -------- d-----w- c:\program files\Folding@home
2012-01-13 08:46:48 0 ----a-w- c:\windows\system32\proB145.tmp
2012-01-13 08:46:39 0 ----a-w- c:\windows\system32\pro8DBD.tmp
2012-01-13 08:46:30 0 ----a-w- c:\windows\system32\pro6A73.tmp
2012-01-13 08:46:21 0 ----a-w- c:\windows\system32\pro471A.tmp
2012-01-13 08:46:12 0 ----a-w- c:\windows\system32\pro23B2.tmp
2012-01-13 08:46:03 0 ----a-w- c:\windows\system32\pro68.tmp
2012-01-13 08:45:54 0 ----a-w- c:\windows\system32\proDC16.tmp
2012-01-13 08:45:45 0 ----a-w- c:\windows\system32\proB8BD.tmp
2012-01-13 08:45:36 0 ----a-w- c:\windows\system32\pro9564.tmp
2012-01-13 08:45:27 0 ----a-w- c:\windows\system32\pro71FB.tmp
2012-01-13 08:45:18 0 ----a-w- c:\windows\system32\pro4EB1.tmp
2012-01-13 08:45:08 0 ----a-w- c:\windows\system32\pro2AAD.tmp
2012-01-13 08:44:59 0 ----a-w- c:\windows\system32\pro5BE.tmp
2012-01-13 08:44:50 0 ----a-w- c:\windows\system32\proE1C9.tmp
2012-01-13 08:44:40 0 ----a-w- c:\windows\system32\proBCCB.tmp
2012-01-13 08:44:31 0 ----a-w- c:\windows\system32\pro98C6.tmp
2012-01-13 08:44:21 0 ----a-w- c:\windows\system32\pro73B8.tmp
2012-01-13 08:44:12 0 ----a-w- c:\windows\system32\pro4F18.tmp
2012-01-13 08:44:03 0 ----a-w- c:\windows\system32\pro2A48.tmp
2012-01-13 08:43:53 0 ----a-w- c:\windows\system32\pro4DD.tmp
2012-01-13 08:43:44 0 ----a-w- c:\windows\system32\proE00D.tmp
2012-01-13 08:43:34 0 ----a-w- c:\windows\system32\proBAFF.tmp
2012-01-13 08:43:25 0 ----a-w- c:\windows\system32\pro96FB.tmp
2012-01-13 08:43:15 0 ----a-w- c:\windows\system32\pro7028.tmp
2012-01-13 08:43:06 0 ----a-w- c:\windows\system32\pro4BF5.tmp
2012-01-13 08:42:57 0 ----a-w- c:\windows\system32\pro27F0.tmp
2012-01-13 08:42:47 0 ----a-w- c:\windows\system32\pro330.tmp
2012-01-13 08:42:38 0 ----a-w- c:\windows\system32\proDF1C.tmp
2012-01-13 08:42:29 0 ----a-w- c:\windows\system32\proBAF8.tmp
2012-01-13 08:42:19 0 ----a-w- c:\windows\system32\pro9703.tmp
2012-01-13 08:42:10 0 ----a-w- c:\windows\system32\pro72B1.tmp
2012-01-13 08:42:01 0 ----a-w- c:\windows\system32\pro4E9C.tmp
2012-01-13 08:41:52 0 ----a-w- c:\windows\system32\pro2A69.tmp
2012-01-13 08:41:42 0 ----a-w- c:\windows\system32\pro626.tmp
2012-01-13 08:41:33 0 ----a-w- c:\windows\system32\proE240.tmp
2012-01-13 08:41:24 0 ----a-w- c:\windows\system32\proBE4B.tmp
2012-01-13 08:41:15 0 ----a-w- c:\windows\system32\pro9A47.tmp
2012-01-13 08:41:05 0 ----a-w- c:\windows\system32\pro7613.tmp
2012-01-13 08:40:56 0 ----a-w- c:\windows\system32\pro520F.tmp
2012-01-13 08:40:47 0 ----a-w- c:\windows\system32\pro2D7D.tmp
2012-01-13 08:40:37 0 ----a-w- c:\windows\system32\pro860.tmp
2012-01-13 08:40:28 0 ----a-w- c:\windows\system32\proE42D.tmp
2012-01-13 08:40:19 0 ----a-w- c:\windows\system32\proBF8C.tmp
2012-01-13 08:40:09 0 ----a-w- c:\windows\system32\pro97DF.tmp
2012-01-13 08:39:59 0 ----a-w- c:\windows\system32\pro7199.tmp
2012-01-13 08:39:50 0 ----a-w- c:\windows\system32\pro4D56.tmp
2012-01-13 08:39:40 0 ----a-w- c:\windows\system32\pro2952.tmp
2012-01-13 08:39:31 0 ----a-w- c:\windows\system32\pro50F.tmp
2012-01-13 08:39:22 0 ----a-w- c:\windows\system32\proE0BC.tmp
2012-01-13 08:39:12 0 ----a-w- c:\windows\system32\proBC79.tmp
2012-01-13 08:39:03 0 ----a-w- c:\windows\system32\pro97C9.tmp
2012-01-13 08:38:53 0 ----a-w- c:\windows\system32\pro722E.tmp
2012-01-13 08:38:43 0 ----a-w- c:\windows\system32\pro4B6C.tmp
2012-01-13 08:38:34 0 ----a-w- c:\windows\system32\pro2600.tmp
2012-01-13 08:38:24 0 ----a-w- c:\windows\system32\proFEF0.tmp
2012-01-13 08:38:14 0 ----a-w- c:\windows\system32\proD8C9.tmp
2012-01-13 08:38:03 0 ----a-w- c:\windows\system32\proADD2.tmp
2012-01-13 08:37:53 0 ----a-w- c:\windows\system32\pro855A.tmp
2012-01-13 08:37:43 0 ----a-w- c:\windows\system32\pro606C.tmp
2012-01-13 08:37:34 0 ----a-w- c:\windows\system32\pro3AE1.tmp
2012-01-13 08:36:52 0 ----a-w- c:\windows\system32\pro9993.tmp
2012-01-09 02:14:49 -------- d-----w- c:\program files\jmonkeyplatform
2012-01-09 00:52:37 -------- d--h--w- c:\users\david\.jmonkeyplatform-installer
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 02:41:47 15 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-22 08:14:45 0 ----a-w- c:\windows\system32\pro8301.tmp
2011-12-22 08:14:36 0 ----a-w- c:\windows\system32\pro5F4B.tmp
2011-12-22 08:14:27 0 ----a-w- c:\windows\system32\pro3AF8.tmp
2011-12-22 08:13:52 0 ----a-w- c:\windows\system32\proB554.tmp
2011-12-18 23:21:36 0 ----a-w- c:\windows\system32\pro6348.tmp
2011-12-18 23:20:39 0 ----a-w- c:\windows\system32\pro843F.tmp
2011-12-18 23:19:42 0 ----a-w- c:\windows\system32\proA545.tmp
2011-12-18 23:18:45 0 ----a-w- c:\windows\system32\proC60D.tmp
2011-12-18 23:17:48 0 ----a-w- c:\windows\system32\proE6D4.tmp
2011-12-18 23:16:51 0 ----a-w- c:\windows\system32\pro7DB.tmp
2011-12-18 23:15:54 0 ----a-w- c:\windows\system32\pro28A3.tmp
2011-12-18 23:14:57 0 ----a-w- c:\windows\system32\pro497A.tmp
2011-12-18 23:14:00 0 ----a-w- c:\windows\system32\pro6A71.tmp
2011-12-18 23:13:07 0 ----a-w- c:\windows\system32\pro9B6E.tmp
2011-12-18 23:11:38 0 ----a-w- c:\windows\system32\pro416C.tmp
2011-12-18 09:54:26 0 ----a-w- c:\windows\system32\pro7C6E.tmp
2011-12-12 01:31:59 0 ----a-w- c:\windows\system32\proECF8.tmp
2011-11-08 10:27:16 6 ----a-w- c:\windows\core32.dll
2011-11-06 10:56:20 0 ----a-w- c:\windows\system32\pro3DE6.tmp
2011-11-06 10:55:54 0 ----a-w- c:\windows\system32\proD978.tmp
.
============= FINISH: 18:32:35.85 ===============

*mod edit:moved from Am I Infected to MRL~Queen-Evie*

Edited by Queen-Evie, 01 February 2012 - 12:41 PM.




#2 SweetTech


Posted 02 February 2012 - 03:34 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 ShoopDahWhoop

  • Topic Starter

Posted 03 February 2012 - 02:07 AM

Thanks for your reply Agent ST.
I was unable to run aswMBR.
I clicked the program, the UAC dialog came up, but nothing happened afterwards.
The Farbar Service Scanner log is as follows:
Farbar Service Scanner Version: 01-02-2012 03
Ran by DAVID (administrator) on 02-02-2012 at 21:33:39
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-09-14 18:46] - [2011-06-21 16:34] - 1290624 ____A (Microsoft Corporation) 04E4A7D53A7ACE02E8C55B17A498F631

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

The OTL and extras log are as follows

OTL logfile created on: 2/3/2012 5:19:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DAVID\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.34% Memory free
5.98 Gb Paging File | 4.17 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.00 Gb Total Space | 1.52 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive D: | 222.26 Gb Total Space | 1.04 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1677.42 Gb Free Space | 90.04% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: DAVID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 21:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DAVID\Desktop\OTL.exe
PRC - [2011/11/30 13:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/11/29 05:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/18 22:02:24 | 001,708,080 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 23:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 23:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 08:43:00 | 000,441,328 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\ppgooglenaclpluginchrome.dll
MOD - [2012/02/01 08:42:58 | 003,889,648 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\pdf.dll
MOD - [2012/02/01 08:41:33 | 000,122,880 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\avutil-51.dll
MOD - [2012/02/01 08:41:31 | 000,222,208 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\avformat-53.dll
MOD - [2012/02/01 08:41:30 | 001,746,944 | ---- | M] () -- C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\avcodec-53.dll
MOD - [2012/01/29 22:14:01 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2012/01/29 22:13:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2012/01/29 22:12:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/10/18 22:02:20 | 000,061,984 | ---- | M] () -- C:\Program Files\Soluto\PCGPrestoSerializer.dll
MOD - [2011/10/18 21:50:32 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2011/08/15 21:09:28 | 000,059,304 | ---- | M] () -- C:\Program Files\Gizmo\gshell.dll
MOD - [2011/03/30 09:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/05 12:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/05 12:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/11/05 12:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/05 12:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 12:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/05 12:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/05 12:53:31 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
MOD - [2010/11/05 12:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010/07/05 08:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/11/04 11:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2006/06/29 14:54:00 | 000,020,480 | ---- | M] () -- C:\Program Files\EvidenceNuker\shellext0.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LcAgent)
SRV - File not found [On_Demand | Stopped] -- -- (DUMeterSvc)
SRV - File not found [Auto | Stopped] -- -- (Abel)
SRV - [2012/01/14 17:44:44 | 001,300,992 | ---- | M] (Collobos Software) [Disabled | Stopped] -- C:\Program Files\FingerPrint\FingerPrintService.exe -- (FingerPrint)
SRV - [2012/01/09 00:01:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/30 13:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/10 17:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/18 22:02:24 | 000,456,736 | ---- | M] (Soluto) [Disabled | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/19 22:29:19 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/08/17 18:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/08/15 21:09:28 | 000,034,728 | ---- | M] (Arainia Solutions) [Disabled | Stopped] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/12 10:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/25 22:29:30 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011/07/16 11:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/07/01 13:55:20 | 000,220,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/06/15 15:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/05/27 08:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/26 01:11:28 | 000,108,544 | ---- | M] (Montpellier-Informatique) [Disabled | Stopped] -- C:\Program Files\Predator2\PredatorACE.exe -- (PredatorACE)
SRV - [2011/02/12 08:43:02 | 000,660,576 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/10/07 13:39:52 | 000,234,784 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/09/28 11:49:08 | 000,892,992 | ---- | M] (Connectify) [Disabled | Stopped] -- C:\Program Files\Connectify\Connectifyd.exe -- (Connectify)
SRV - [2010/08/21 07:08:46 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/08/05 23:01:38 | 001,671,172 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - [2010/08/05 23:01:22 | 002,179,076 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2010/08/05 23:01:04 | 003,153,924 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2010/07/23 12:12:50 | 000,010,240 | ---- | M] (Microsoft) [On_Demand | Stopped] -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe -- (NetBalancer Windows Service)
SRV - [2010/07/05 23:37:08 | 000,011,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/28 08:24:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/21 05:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/03 08:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/02 13:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/05/29 00:32:26 | 000,053,760 | ---- | M] (tzuk) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/05/19 12:42:42 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\AstSrv.exe -- (astcc)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/12 23:15:52 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008/12/15 04:38:01 | 000,010,240 | ---- | M] (Olof Lagerkvist) [Disabled | Stopped] -- C:\Windows\System32\imdsksvc.exe -- (ImDskSvc)
SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/01 12:54:56 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/31 14:46:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120201.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/31 14:45:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/31 14:45:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/31 14:45:59 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120201.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/01/28 23:21:34 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120201.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/01/21 02:27:16 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/29 04:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 04:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 04:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 04:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 04:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/29 04:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/24 13:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/24 12:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/24 12:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/17 14:37:59 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMNETS.SYS -- (SymNetS)
DRV - [2011/11/17 14:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/05 10:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/10/18 21:50:18 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/09/23 09:40:00 | 010,318,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/15 21:09:30 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/07/23 03:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 08:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 10:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/07/01 13:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2011/05/17 15:03:26 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2011/05/06 15:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 15:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 06:09:32 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/03/24 11:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 11:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/03 20:41:06 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/12/21 14:09:25 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/12/21 14:07:41 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/12/21 14:07:41 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/20 23:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 23:18:07 | 000,743,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\blackbox.dll -- (BlackBox)
DRV - [2010/11/20 21:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/10 00:08:04 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/09/28 01:25:10 | 000,062,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l1c51x86.sys -- (L1C)
DRV - [2010/08/12 00:39:24 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2010/08/12 00:39:24 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010/07/13 19:19:41 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010/07/05 23:37:10 | 000,084,992 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\dokan.sys -- (Dokan)
DRV - [2010/06/16 18:07:43 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010/06/04 02:07:18 | 000,013,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jumi.sys -- (jumi)
DRV - [2010/05/15 00:04:00 | 000,028,776 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2010/04/26 17:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/04/19 21:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/10/28 22:27:50] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/02/08 10:41:42 | 000,032,624 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD)
DRV - [2010/02/08 10:41:42 | 000,030,704 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool)
DRV - [2010/02/08 10:41:42 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA)
DRV - [2010/02/08 10:41:42 | 000,022,128 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger)
DRV - [2010/02/08 10:41:42 | 000,016,880 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFEHashMD.sys -- (FreeOTFEHashMD)
DRV - [2010/02/08 10:41:40 | 000,031,856 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc)
DRV - [2010/02/08 10:41:40 | 000,029,168 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman)
DRV - [2010/02/08 10:41:40 | 000,026,096 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc)
DRV - [2010/02/08 10:41:38 | 000,056,816 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherDES.sys -- (FreeOTFECypherDES)
DRV - [2010/02/08 10:41:38 | 000,047,216 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc)
DRV - [2010/02/08 10:41:38 | 000,031,856 | ---- | M] (Sarah Dean) [Kernel | On_Demand | Stopped] -- C:\Program Files\FreeOTFE\x86\FreeOTFE.sys -- (FreeOTFE)
DRV - [2010/02/08 10:41:38 | 000,031,088 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5)
DRV - [2010/02/08 10:41:38 | 000,029,808 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman)
DRV - [2010/02/08 10:41:38 | 000,026,480 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman)
DRV - [2010/02/08 10:41:38 | 000,025,200 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\Windows\System32\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish)
DRV - [2009/12/17 16:02:34 | 000,123,280 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/12/17 16:02:34 | 000,110,096 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/12/17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/12/17 16:02:34 | 000,041,616 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/10/21 05:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/16 09:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/14 06:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/31 12:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 11:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 10:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/05 10:03:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/05/29 00:32:24 | 000,108,032 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/03/24 11:13:26 | 000,005,365 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NetProbe.sys -- (NetProbe)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/15 04:38:02 | 000,019,968 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\imdisk.sys -- (ImDisk)
DRV - [2008/12/05 11:18:28 | 000,123,392 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™
DRV - [2007/04/13 12:55:38 | 000,496,768 | ---- | M] (Tamosoft, Ltd.) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/11/11 00:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/07/20 19:49:30 | 000,038,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P2k.sys -- (P2k)
DRV - [2005/12/22 22:45:40 | 000,019,712 | ---- | M] (myWIFIzone.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\myWIFIzone.sys -- (myWIFIzone)
DRV - [2003/10/15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/09/24 10:23:50 | 000,013,184 | ---- | M] (WildPackets, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEEK5.SYS -- (PEEK5)
DRV - [2003/08/10 10:10:18 | 000,021,922 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2003/08/10 10:10:17 | 000,011,330 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{5A6C0966-BBBC-4251-9154-C3CADB15E37E}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
IE - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{5A6C0966-BBBC-4251-9154-C3CADB15E37E}
IE - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..extensions.enabledItems: {95F66546-E901-43FB-84CB-DF85EC1BEAA0}:1.9.1
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/splitcam/{5A6C0966-BBBC-4251-9154-C3CADB15E37E}?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/10/09 20:34:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.13\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DAVID\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DAVID\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DAVID\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DAVID\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\DAVID\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{95F66546-E901-43FB-84CB-DF85EC1BEAA0}: C:\Users\DAVID\AppData\Local\{95F66546-E901-43FB-84CB-DF85EC1BEAA0} [2010/10/27 17:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/02/01 12:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/02/03 17:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: F:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins

[2010/05/02 18:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Extensions
[2011/09/23 23:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions
[2011/04/10 13:29:29 | 000,000,000 | ---D | M] (Splitcam DB Toolbar) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/05/02 20:19:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/19 21:36:20 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/05/02 19:52:26 | 000,000,000 | ---D | M] (FireFound) -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions\firefound@efinke.com
[2011/04/10 13:29:54 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\extensions\support@predictad.com
[2011/04/18 11:43:22 | 000,002,383 | ---- | M] () -- C:\Users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\1s1vuxbb.default\searchplugins\search.xml
[2010/07/01 11:19:30 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010/10/27 17:48:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\DAVID\APPDATA\LOCAL\{95F66546-E901-43FB-84CB-DF85EC1BEAA0}
File not found (No name found) -- F:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- F:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- F:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DAVID\AppData\Local\Google\Chrome\Application\18.0.1025.1\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DAVID\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DAVID\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.13\nploki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\DAVID\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Entanglement = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Resurrect Google Cache & Related links. = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepfhdmfkngfolhinjkiaapceocdmpeg\1.0_0\
CHR - Extension: Facebook Disconnect = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.2.1_0\
CHR - Extension: avast! WebRep = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: What's the font? = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipooogmmnpmfmhbhlahhjkjiiamjllal\0.1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Plants vs Zombies = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\DAVID\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Splitcam DB Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Splitcam DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\..\Toolbar\WebBrowser: (Splitcam DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam DB Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000..\Run: [fsm] File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3544938981-518352492-2941319083-1000\..Trusted Domains: commbank.com.au ([www1.my] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E7E3B0B-A851-4280-9BC6-7E91EEC20FC8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32EDA3C6-783B-4542-9500-3B1AEF52C47F}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71BC49AE-9BD0-4E8D-92A3-CBFAA510A265}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4C808B1-54E7-4484-984A-F11F8BC5BF66}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC270730-1768-48B4-A57C-0A91FD28BEBF}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) -C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/07 19:01:54 | 000,000,162 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b4c1636-c7d5-11e0-b81c-ed3caefc2652}\Shell - "" = AutoRun
O33 - MountPoints2\{0b4c1636-c7d5-11e0-b81c-ed3caefc2652}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{0b4c1639-c7d5-11e0-b81c-ed3caefc2652}\Shell - "" = AutoRun
O33 - MountPoints2\{0b4c1639-c7d5-11e0-b81c-ed3caefc2652}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{10401148-75b6-11df-a444-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{10401148-75b6-11df-a444-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10401170-75b6-11df-a444-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{10401170-75b6-11df-a444-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{195f14c3-790f-11df-a426-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{195f14c3-790f-11df-a426-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{195f1525-790f-11df-a426-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{195f1525-790f-11df-a426-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{42d49a69-8178-11df-8855-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{42d49a69-8178-11df-8855-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48c224b6-26bd-11e0-bdb8-f16f8a801646}\Shell - "" = AutoRun
O33 - MountPoints2\{48c224b6-26bd-11e0-bdb8-f16f8a801646}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4b82e07e-5bfa-11df-a48c-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{4b82e07e-5bfa-11df-a48c-00269edb3126}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6706def3-3e76-11e1-8898-abda11656a5d}\Shell - "" = AutoRun
O33 - MountPoints2\{6706def3-3e76-11e1-8898-abda11656a5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{791b53f1-49f7-11df-a8e7-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{791b53f1-49f7-11df-a8e7-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{791b53f5-49f7-11df-a8e7-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{791b53f5-49f7-11df-a8e7-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{84ecd193-50ed-11df-8bf7-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{84ecd193-50ed-11df-8bf7-00269edb3126}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{84ecd1bc-50ed-11df-8bf7-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{84ecd1bc-50ed-11df-8bf7-00269edb3126}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{91863552-0a52-11df-963b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{91863552-0a52-11df-963b-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
O33 - MountPoints2\{91a2e068-897d-11df-8496-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{91a2e068-897d-11df-8496-00269edb3126}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{db3bf95e-59a6-11df-84fd-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{db3bf95e-59a6-11df-84fd-00269edb3126}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{db3bf960-59a6-11df-84fd-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{db3bf960-59a6-11df-84fd-00269edb3126}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{f333a2f0-0ed1-11e0-8a88-beb74c24305b}\Shell - "" = AutoRun
O33 - MountPoints2\{f333a2f0-0ed1-11e0-8a88-beb74c24305b}\Shell\AutoRun\command - "" = Z:\AutoRun.exe
O33 - MountPoints2\{f472cfb5-49d9-11df-a1b9-00269edb3126}\Shell - "" = AutoRun
O33 - MountPoints2\{f472cfb5-49d9-11df-a1b9-00269edb3126}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 21:33:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DAVID\Desktop\OTL.exe
[2012/02/02 21:08:05 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\DAVID\Desktop\aswMBR.exe
[2012/02/01 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\TeknoGods
[2012/02/01 17:18:56 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\NPE
[2012/02/01 12:54:29 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symnets.sys
[2012/02/01 12:54:28 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.sys
[2012/02/01 12:54:28 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symds.sys
[2012/02/01 12:54:28 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/02/01 12:54:27 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/02/01 12:54:27 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ironx86.sys
[2012/02/01 12:54:27 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.sys
[2012/02/01 12:52:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1305000.091
[2012/01/31 17:43:00 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/31 14:06:44 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/01/31 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/31 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/31 14:05:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/01/31 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/31 14:05:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/01/31 10:18:02 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/30 22:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/30 22:05:15 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/30 22:05:14 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/30 22:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 22:05:01 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/30 22:04:57 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/30 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 22:04:53 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/30 22:04:44 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/30 22:03:45 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/30 22:03:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/30 22:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/30 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/30 21:24:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2012/01/30 21:24:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2012/01/30 21:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/30 21:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/01/30 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/30 21:09:34 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/30 16:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/30 16:03:37 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DAVID\TDSSKiller.exe
[2012/01/30 13:55:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/30 12:45:28 | 000,000,000 | ---D | C] -- C:\Users\DAVID\Documents\Symantec
[2012/01/30 10:25:48 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DAVID\Desktop\asdf.exe
[2012/01/29 22:37:31 | 000,000,000 | ---D | C] -- C:\Sun
[2012/01/29 21:05:16 | 000,000,000 | ---D | C] -- C:\New folder
[2012/01/29 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\TestApp
[2012/01/29 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/28 21:35:01 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/01/28 21:35:01 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/01/28 21:35:01 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/01/26 18:50:29 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\mpress
[2012/01/26 18:49:25 | 000,889,416 | -H-- | C] (Microsoft Corporation) -- C:\Users\DAVID\Desktop\dotNetFx40_Full_setup.exe
[2012/01/24 08:29:35 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Folding@home-gpu
[2012/01/21 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\ts3overlay
[2012/01/21 16:33:27 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\TS3Client
[2012/01/21 10:11:43 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/01/21 10:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallel Port Joystick
[2012/01/21 10:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Parallel Port Joystick
[2012/01/21 10:08:37 | 000,000,000 | -H-D | C] -- C:\Users\DAVID\Desktop\PPJoy
[2012/01/20 22:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/01/20 22:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/01/18 17:30:21 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\MTA San Andreas
[2012/01/18 17:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas
[2012/01/18 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\MTA San Andreas
[2012/01/18 14:39:13 | 000,000,000 | -H-D | C] -- C:\Users\DAVID\Documents\GTA San Andreas User Files
[2012/01/18 14:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2012/01/15 14:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2012/01/15 14:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/01/15 14:51:38 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Local\FingerPrint
[2012/01/15 14:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FingerPrint
[2012/01/15 14:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\FingerPrint
[2012/01/15 13:46:46 | 000,000,000 | R--D | C] -- C:\Users\DAVID\AppData\Roaming\Brother
[2012/01/15 13:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/01/15 13:39:40 | 000,000,000 | ---D | C] -- C:\Brother
[2012/01/15 13:39:36 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012/01/15 13:39:33 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012/01/15 13:39:33 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012/01/15 13:39:29 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012/01/15 13:39:29 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012/01/15 13:39:29 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012/01/15 13:39:29 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012/01/15 13:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012/01/15 13:39:25 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012/01/15 13:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/01/14 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home-gpu
[2012/01/14 21:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Folding@home
[2012/01/09 13:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\jmonkeyplatform
[2012/01/09 11:52:37 | 000,000,000 | -H-D | C] -- C:\Users\DAVID\.jmonkeyplatform-installer
[2012/01/09 01:17:53 | 000,000,000 | -H-D | C] -- C:\Users\DAVID\Desktop\GuruQuest for Windows
[94 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DAVID\Documents\*.tmp files -> C:\Users\DAVID\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 17:53:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544938981-518352492-2941319083-1000UA.job
[2012/02/03 17:49:24 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 17:21:12 | 000,022,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 17:21:12 | 000,022,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 17:15:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 17:13:13 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\Lpovvw.job
[2012/02/03 17:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 21:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DAVID\Desktop\OTL.exe
[2012/02/02 21:33:00 | 000,335,515 | ---- | M] () -- C:\Users\DAVID\Desktop\FSS.exe
[2012/02/02 21:10:28 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\DAVID\Desktop\aswMBR.exe
[2012/02/02 16:27:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544938981-518352492-2941319083-1000Core.job
[2012/02/01 20:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/01 16:39:39 | 000,002,696 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/01 16:38:14 | 001,133,687 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/01 16:37:37 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/01 12:54:56 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/01 12:54:56 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/01 12:54:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/31 23:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/31 20:26:10 | 000,663,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/31 20:26:10 | 000,121,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/31 19:40:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/31 10:18:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/30 22:05:17 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/30 22:05:06 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 22:04:44 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/30 21:25:08 | 000,001,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/30 21:09:34 | 000,001,375 | ---- | M] () -- C:\Users\DAVID\Desktop\Norton Installation Files.lnk
[2012/01/30 17:04:15 | 004,052,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/30 16:25:07 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/30 16:00:39 | 000,000,000 | ---- | M] () -- C:\Users\DAVID\defogger_reenable
[2012/01/30 15:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012/01/30 14:54:42 | 000,007,912 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/01/30 14:54:42 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2012/01/30 13:41:47 | 000,000,015 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/01/29 20:53:20 | 000,001,535 | ---- | M] () -- C:\Users\DAVID\Desktop\sdsetup.exe.lnk
[2012/01/29 10:06:52 | 000,000,677 | ---- | M] () -- C:\Users\DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/28 22:47:59 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/01/27 15:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/01/26 20:09:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\bash.exe.stackdump
[2012/01/26 18:46:21 | 000,889,416 | -H-- | M] (Microsoft Corporation) -- C:\Users\DAVID\Desktop\dotNetFx40_Full_setup.exe
[2012/01/26 18:45:57 | 006,191,392 | -H-- | M] () -- C:\Users\DAVID\Desktop\TeknoMW3_1.3.rar
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DAVID\TDSSKiller.exe
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DAVID\Desktop\asdf.exe
[2012/01/23 17:27:44 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/23 17:27:44 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/20 22:57:11 | 000,001,120 | -H-- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/01/09 13:19:00 | 000,002,033 | -H-- | M] () -- C:\Users\Public\Desktop\jMonkeyEngine SDK.lnk
[94 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DAVID\Documents\*.tmp files -> C:\Users\DAVID\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 21:32:52 | 000,335,515 | ---- | C] () -- C:\Users\DAVID\Desktop\FSS.exe
[2012/02/01 16:37:37 | 001,133,687 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/01 16:37:37 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/01 12:54:29 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.cat
[2012/02/01 12:54:29 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.inf
[2012/02/01 12:54:28 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.cat
[2012/02/01 12:54:28 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.cat
[2012/02/01 12:54:28 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/02/01 12:54:28 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.inf
[2012/02/01 12:54:28 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.inf
[2012/02/01 12:54:28 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/02/01 12:54:27 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.cat
[2012/02/01 12:54:27 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/02/01 12:54:27 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.cat
[2012/02/01 12:54:27 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/02/01 12:54:27 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.inf
[2012/02/01 12:54:27 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.inf
[2012/02/01 12:52:59 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symvtcer.dat
[2012/02/01 12:52:59 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/01/31 14:06:44 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/01/31 14:06:44 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/31 14:06:32 | 000,002,696 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/31 14:05:23 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/30 22:05:17 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/30 22:05:06 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 21:25:08 | 000,001,491 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/30 21:24:26 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2012/01/30 21:09:34 | 000,001,375 | ---- | C] () -- C:\Users\DAVID\Desktop\Norton Installation Files.lnk
[2012/01/30 16:14:44 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/30 16:00:39 | 000,000,000 | ---- | C] () -- C:\Users\DAVID\defogger_reenable
[2012/01/29 20:53:20 | 000,001,535 | ---- | C] () -- C:\Users\DAVID\Desktop\sdsetup.exe.lnk
[2012/01/29 10:06:52 | 000,000,677 | ---- | C] () -- C:\Users\DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/26 18:45:03 | 006,191,392 | -H-- | C] () -- C:\Users\DAVID\Desktop\TeknoMW3_1.3.rar
[2012/01/23 17:27:44 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/23 17:27:44 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/01/20 22:57:11 | 000,001,120 | -H-- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/01/15 13:39:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/01/15 13:39:33 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/01/15 13:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/01/09 13:19:00 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jMonkeyEngine SDK.lnk
[2012/01/09 13:19:00 | 000,002,033 | -H-- | C] () -- C:\Users\Public\Desktop\jMonkeyEngine SDK.lnk
[2011/11/08 21:27:16 | 000,000,006 | ---- | C] () -- C:\Windows\core32.dll
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/19 22:29:45 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/08/19 21:35:32 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011/07/20 23:20:09 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2011/07/12 12:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/07/10 10:45:54 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/10 10:45:54 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/10 10:45:53 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/10 10:45:53 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/10 10:45:53 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/10 10:11:55 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/07/10 10:11:55 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/07/10 10:11:22 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/06/19 10:19:09 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SysInfo_6_5_p.dll
[2011/06/09 08:50:19 | 000,012,526 | ---- | C] () -- C:\Windows\lg_up.ini
[2011/05/28 00:22:25 | 000,005,259 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\servetome-fonts.conf
[2011/05/22 19:38:13 | 000,000,604 | ---- | C] () -- C:\Program Files\STLL Notifier
[2011/05/22 19:31:46 | 000,000,452 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011/04/19 19:45:06 | 000,059,198 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\SQLite3.dll
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/07 22:31:05 | 000,001,456 | ---- | C] () -- C:\Users\DAVID\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/27 09:51:36 | 000,007,168 | ---- | C] () -- C:\Windows\libDSPXUtils.dll
[2011/03/15 04:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2011/03/09 18:20:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/09 18:16:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/20 16:11:54 | 000,000,260 | ---- | C] () -- C:\Windows\System32\SBSDKEng.dat
[2011/01/30 21:45:39 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\iscsidscw.dll
[2011/01/20 12:48:23 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/15 15:50:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/01/15 15:49:09 | 000,000,349 | ---- | C] () -- C:\Windows\EReg213.dat
[2011/01/11 17:13:22 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/01/11 17:13:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/21 16:43:24 | 000,000,019 | ---- | C] () -- C:\Windows\D.ini
[2010/12/16 16:09:36 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/13 21:38:43 | 000,000,000 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\FileOut.cns
[2010/11/13 21:38:43 | 000,000,000 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\FileIn.cns
[2010/11/07 19:54:32 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010/11/07 19:54:32 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010/11/07 19:54:32 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010/11/01 16:23:01 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/11/01 15:23:49 | 000,001,528 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/10/31 11:20:53 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/29 18:47:35 | 000,066,524 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\DAVID3SQLite3.dll
[2010/10/28 07:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bash.exe.stackdump
[2010/10/27 17:48:49 | 000,000,120 | ---- | C] () -- C:\Users\DAVID\AppData\Local\Esujuwes.dat
[2010/10/27 17:48:49 | 000,000,000 | ---- | C] () -- C:\Users\DAVID\AppData\Local\Vfiteyibewerecom.bin
[2010/09/26 20:15:26 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/26 20:15:17 | 000,138,056 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\PnkBstrK.sys
[2010/09/19 21:41:58 | 000,165,993 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010/08/21 21:38:35 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/08/17 19:19:47 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/08/17 18:14:51 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2010/08/05 20:37:46 | 000,000,600 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\winscp.rnd
[2010/07/05 23:37:06 | 000,033,792 | ---- | C] () -- C:\Windows\System32\dokan.dll
[2010/07/04 15:25:35 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2010/06/27 18:37:29 | 000,220,556 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/27 09:11:41 | 000,000,022 | ---- | C] () -- C:\Windows\user_setting.ini
[2010/06/24 22:27:39 | 000,431,416 | ---- | C] () -- C:\Windows\System32\LuxandCredentialProvider.dll
[2010/06/24 22:27:38 | 000,628,536 | ---- | C] () -- C:\Windows\System32\LuxandBlink.dll
[2010/06/24 19:35:20 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2010/06/16 18:07:45 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010/06/11 19:58:54 | 000,001,069 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010/06/11 19:29:10 | 000,165,993 | ---- | C] () -- C:\Windows\hpoins35.dat
[2010/06/11 19:29:10 | 000,001,069 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/05/22 21:35:17 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/22 21:35:16 | 000,135,168 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/09 16:56:47 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/05/07 21:09:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/03 18:24:14 | 000,007,611 | ---- | C] () -- C:\Users\DAVID\AppData\Local\resmon.resmoncfg
[2010/05/02 18:58:36 | 000,000,025 | ---- | C] () -- C:\Windows\System32\msbgph.dat
[2010/05/02 18:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/14 08:23:45 | 000,003,584 | ---- | C] () -- C:\Users\DAVID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 19:23:48 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2009/12/27 05:45:30 | 000,000,485 | ---- | C] () -- C:\Windows\lgcare.ini
[2009/12/27 05:40:25 | 000,001,125 | ---- | C] () -- C:\Windows\lgcenter.ini
[2009/12/24 12:09:50 | 000,000,264 | ---- | C] () -- C:\Windows\lgps.ini
[2009/12/02 13:56:48 | 000,040,588 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009/10/21 05:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 15:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 15:33:53 | 004,052,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 13:05:48 | 000,663,288 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 13:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 13:05:48 | 000,121,598 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 13:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 13:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 13:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 10:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/24 11:13:26 | 000,005,365 | ---- | C] () -- C:\Windows\System32\drivers\NetProbe.sys
[2008/10/04 10:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008/09/29 04:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008/08/28 22:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008/08/28 22:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008/08/28 22:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2008/05/30 01:34:38 | 000,131,072 | ---- | C] () -- C:\Windows\winbg.exe
[2006/11/11 00:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/07 06:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/03/29 11:09:11 | 000,240,438 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\DAVIDlog.dat
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/06 10:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005/05/23 15:15:14 | 000,002,851 | ---- | C] () -- C:\Windows\System32\helpwri.dat
[2005/05/18 07:37:10 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2005/04/08 13:16:43 | 000,074,906 | ---- | C] () -- C:\Users\DAVID\AppData\Roaming\cglogs.dat
[2002/07/20 03:48:22 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== Files - Unicode (All) ==========
[2012/01/05 03:13:28 | 000,021,504 | -H-- | C] ()(C:\Users\DAVID\Documents\? ?.doc) -- C:\Users\DAVID\Documents\合 约.doc
[2012/01/04 12:59:28 | 000,021,504 | -H-- | M] ()(C:\Users\DAVID\Documents\? ?.doc) -- C:\Users\DAVID\Documents\合 约.doc
[2011/10/14 21:47:01 | 000,031,710 | -H-- | M] ()(C:\Users\DAVID\Documents\??????????.docx) -- C:\Users\DAVID\Documents\中学生使用手机的情况.docx
[2011/10/14 21:47:00 | 000,031,710 | -H-- | C] ()(C:\Users\DAVID\Documents\??????????.docx) -- C:\Users\DAVID\Documents\中学生使用手机的情况.docx
[2011/09/06 23:12:39 | 000,011,213 | -H-- | M] ()(C:\Users\DAVID\Documents\??????.docx) -- C:\Users\DAVID\Documents\未来的战斗机.docx
[2011/09/03 10:05:33 | 000,011,213 | -H-- | C] ()(C:\Users\DAVID\Documents\??????.docx) -- C:\Users\DAVID\Documents\未来的战斗机.docx
[2011/05/14 10:13:48 | 000,015,636 | -H-- | M] ()(C:\Users\DAVID\Documents\????.docx) -- C:\Users\DAVID\Documents\口语考试.docx
[2011/05/13 23:47:44 | 000,015,636 | -H-- | C] ()(C:\Users\DAVID\Documents\????.docx) -- C:\Users\DAVID\Documents\口语考试.docx
[2011/04/30 01:01:56 | 000,067,536 | -H-- | M] ()(C:\Users\DAVID\Documents\?????????.docx) -- C:\Users\DAVID\Documents\参加课外活动的好处.docx
[2011/04/30 00:44:12 | 000,024,866 | -H-- | M] ()(C:\Users\DAVID\Documents\?????????.docx) -- C:\Users\DAVID\Documents\学生穿衣服的利与弊.docx
[2011/04/30 00:19:10 | 000,067,536 | -H-- | C] ()(C:\Users\DAVID\Documents\?????????.docx) -- C:\Users\DAVID\Documents\参加课外活动的好处.docx
[2011/04/26 22:57:31 | 000,024,866 | -H-- | C] ()(C:\Users\DAVID\Documents\?????????.docx) -- C:\Users\DAVID\Documents\学生穿衣服的利与弊.docx
[2010/09/16 11:21:38 | 000,220,160 | -H-- | M] ()(C:\Users\DAVID\Documents\?????????..[1].doc) -- C:\Users\DAVID\Documents\广州市荔湾区乐贤坊..[1].doc
[2010/09/16 11:21:35 | 000,220,160 | -H-- | C] ()(C:\Users\DAVID\Documents\?????????..[1].doc) -- C:\Users\DAVID\Documents\广州市荔湾区乐贤坊..[1].doc
[2010/08/28 23:12:45 | 000,015,584 | -H-- | M] ()(C:\Users\DAVID\Documents\??????????.docx) -- C:\Users\DAVID\Documents\有人说装备不是万能的.docx
[2010/08/28 23:12:44 | 000,015,584 | -H-- | C] ()(C:\Users\DAVID\Documents\??????????.docx) -- C:\Users\DAVID\Documents\有人说装备不是万能的.docx
[2010/08/20 22:44:20 | 000,021,797 | -H-- | M] ()(C:\Users\DAVID\Documents\????????.docx) -- C:\Users\DAVID\Documents\不健康食物的危害.docx
[2010/08/20 21:33:57 | 000,021,797 | -H-- | C] ()(C:\Users\DAVID\Documents\????????.docx) -- C:\Users\DAVID\Documents\不健康食物的危害.docx
[2010/06/12 09:41:21 | 000,003,365 | -H-- | M] ()(C:\Users\DAVID\Documents\????.rtf) -- C:\Users\DAVID\Documents\游墨尔本.rtf
[2010/06/12 09:37:13 | 000,003,365 | -H-- | C] ()(C:\Users\DAVID\Documents\????.rtf) -- C:\Users\DAVID\Documents\游墨尔本.rtf
[2010/06/05 09:58:52 | 000,015,434 | -H-- | M] ()(C:\Users\DAVID\Documents\????.docx) -- C:\Users\DAVID\Documents\游墨尔本.docx
[2010/06/05 09:08:46 | 000,015,434 | -H-- | C] ()(C:\Users\DAVID\Documents\????.docx) -- C:\Users\DAVID\Documents\游墨尔本.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Users\DAVID\Application Data:NT
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:EB603FE4
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E0258CAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1CA73D29
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

OTL Extras logfile created on: 2/3/2012 5:19:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DAVID\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.34% Memory free
5.98 Gb Paging File | 4.17 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.00 Gb Total Space | 1.52 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive D: | 222.26 Gb Total Space | 1.04 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1677.42 Gb Free Space | 90.04% Space Free | Partition Type: NTFS

Computer Name: JOSEPH-PC | User Name: DAVID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\DDD\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files\DDD\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef Media Player -- (DDD Group Plc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01DAE036-0879-4915-ADC7-4692A34D7899}" = Folding@home-gpu
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09E0C303-183A-461C-A1CC-C4647C13B76D}" = TI-Nspire™ Computer Link Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C72BE82-2BEB-4FAC-8024-CB0C31965153}" = iCamSource
"{0D3D543D-1D8E-42C1-856C-EE1C143FB38A}" = calibre
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A04B97A-C6A7-12F9-B24F-79EDAA96C0AE}" = Mielophone
"{1C63AA59-66B2-418C-BDF5-53A534DA5690}_is1" = Sothink SWF to Video Converter
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24933F5C-87D7-4BB8-ABA1-85FF59F74584}" = City Bus Simulator 2010 - New York
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38863258-6767-4D7E-ACBB-E720E1CCE7F9}" = WSRToolkit
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1" = All My Books 1.9 FREE for PCUser
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46B3CC07-3B29-41B4-9B22-0988425E8E2C}_is1" = Auslogics Duplicate File Finder
"{46D61287-50D4-46B9-B10B-B6DBCD023873}" = EASEUS Data Recovery Wizard 4.3.6
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo
"{4EFD0178-748B-4AEF-BF64-51BEF3048F8B}" = Terragen 2 Free Edition
"{503728A0-6B5C-457F-A1DC-EAF716606DC2}}_is1" = GameBox Console
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53753510-7620-4D2B-9C0B-111F871615D9}" = LEGO MINDSTORMS NXT - English Language Pack
"{53FED732-39DF-4973-85CD-854115455007}" = Sun VirtualBox
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5B4BE556-7A8A-5770-C35A-613B8C7219D6}" = bandit.fm download manager
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{674DA379-28EE-4773-A2C1-8A856117803D}" = Call of Juarez - Bound in Blood SP Demo
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A914868-2703-4FB1-8129-CB1320BB09F0}" = MyVirtualHome
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BD1CEF5-9479-4540-804E-BD101756794D}" = Predator
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012
"{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74B68E74-908B-48C4-8562-580CF2741BBA}" = Nuance OmniPage 17
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7E5FFD30-9EF9-4756-96C7-09F8FCFAD8D2}_is1" = TinCam 1.07
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.101
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233}" = Home Sweet Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846447E6-F3CB-4DD9-B4AD-5CCBBB610982}" = LG Smart Care
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
"{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.244
"{891570B1-75CB-4281-8A00-742274F44973}" = World of Subways Vol.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.6
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9672CAD2-F310-42D6-9147-E4A4B6ED8395}" = LG Magnifier
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A088AF9D-0B94-4C33-B327-E5B494CE810B}" = PS_AIO_05_C309_Software_Min
"{A0D4FD39-AA05-483B-97C8-0565F2FECC97}" = myWIFIzone
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B54408-EF50-4821-B8A2-F597A657112A}" = HP Photosmart C309a All-In-One Driver 13.0 Rel .5
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.38
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB199400-0DF8-449F-A041-702986D76629}" = Soluto
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB912177-24CC-4AEE-8329-97D7ACD125D4}" = Macrium Reflect - Free Edition
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFBF0452-83DE-4678-9F1D-E58AA41265F0}" = BVE
"{C1D2D7B6-DE54-4634-A7FF-FE386DCB43DB}_is1" = TPG LeechOmeter 3.0
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9A1FFBA-B590-453B-924E-11C97A5EDE74}" = Macallan Convert Srt To Ssa
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{C9F06F5D-D521-43D5-AEB7-79176DC6CCDE}_is1" = Phone Disk 1.006
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCCCCAB1-3AB3-49A8-BD4E-B0CFCCA77644}" = VSpeech Beta 4
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D30E4145-9120-4497-AD35-F78482C3CF88}" = LEGO MINDSTORMS NXT Driver
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DCCF734A-42DA-4951-8C8E-92CD33D2FA2E}" = PrinterShare 2.3.05
"{DDED6343-D85F-46F8-B87E-14004B5853EC}" = Call of Juarez - Bound in Blood SP Demo
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF372CE7-C89F-454C-9D6C-1BCAEFF45FB3}" = BVE Uchibo Line
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1585551-3CCD-48AA-BB4C-3E567107EDCF}" = LG OSD
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2558AA8-506F-4C58-AB64-C05C6F675756}" = RT 7 Lite x86
"{F5A0B0CA-6C5F-4029-AE7F-17B5A067E4E0}" = TI-Nspire™ CAS Computer Software
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBEA1DA0-5289-4B11-983C-3D9FA03E670F}" = RSDLite
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD71CE24-45B4-4368-9314-3B2F14933BF8}" = PC PhoneHome Pro
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3 Mobile Broadband" = 3 Mobile Broadband
"3 MobileBroadband" = 3 MobileBroadband
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Active WebCam" = Active WebCam
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Aerofoil" = Aerofoil 1.5.0_03
"Air Video Server" = Air Video Server 2.4.5-beta6
"AirSnare" = AirSnare
"Album Art Downloader XUI" = Album Art Downloader XUI 0.37.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"asterisk key" = Asterisk Key 10.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudioBurst" = AudioBurst FX Engine
"AuranTS2009_is1" = Trainz: Engineer's Edition
"AutocompletePro3_is1" = AutocompletePro
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BlazeDTV 6.5Pro_is1" = BlazeDTV 6.5Pro
"Blender" = Blender
"Borders" = Borders
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CamStudio" = CamStudio
"Capsule" = Capsule
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Code of Honor 2 DEMO_is1" = Code of Honor 2 DEMO (1.0)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"Comical_is1" = Comical 0.8
"Connectify" = Connectify
"Counter-Strike 1.6" = Counter-Strike 1.6
"CraftBukkit" = CraftBukkit
"Cross Fire_is1" = Cross Fire En
"Cyberduck" = Cyberduck 4.0.2 (8601)
"Disk Space Fan_is1" = Disk Space Fan 2.2.7.821
"D-Link VGA Webcam" = D-Link VGA Webcam
"DokanLibrary" = Dokan Library 0.5.3
"doPDF 6 printer_is1" = doPDF 6.2 printer
"Dorgem_is1" = Dorgem 2.1.0
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"DVDStyler_is1" = DVDStyler v1.8.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Eldy" = Eldy 2.3
"ESN Sonar-0.70.0" = ESN Sonar
"essentials-bundle" = TriDef 3-D Experience 4.0.2
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.331
"Ethereal" = Ethereal 0.99.0
"EvidenceNuker" = EvidenceNuker (remove only)
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"ExpressAccounts" = Express Accounts
"ExpressInvoice" = Express Invoice
"Fallout New Vegas_is1" = Fallout New Vegas
"FE2F65FA-062A-4B2E-ADC7-954026AD5247" = QHiMDTransfer
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"Finger" = Finger
"Flashants SWF2Video Trial 1.1_is1" = SWF2Video Trial 1.1
"fm.bandit.desktop" = bandit.fm download manager
"Fraps" = Fraps (remove only)
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"FreeArc" = FreeArc 0.666
"FreeOTFE" = FreeOTFE
"FreeOTFE Explorer" = FreeOTFE Explorer
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"Gizmo Central" = Gizmo Central
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"ignition-pkg" = TriDef Ignition 2.1
"ImDisk" = ImDisk Virtual Disk Driver
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"Install Creator" = Install Creator
"Install Creator Pro" = Install Creator Pro
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Inventoria" = Inventoria Stock Manager
"iSkysoft DVD to iPhone Converter_is1" = iSkysoft DVD to iPhone Converter(Build 2.3.3.0)
"LEGO Racers" = LEGO Racers
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"LinuxLive USB Creator" = LinuxLive USB Creator
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Loki Browser Plugin" = Loki Browser Plugin
"LSI Soft Modem" = LSI HDA Modem
"LuxandBlink_is1" = Luxand Blink! v2.0
"Macaw_is1" = Macaw 301
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagicScore_is1" = MagicScore
"MailStore Home_is1" = MailStore Home 4.2.0.5431
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"media-player-pkg" = TriDef Media Player 6.4.11
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mielophone" = Mielophone
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"MTA:SA" = MTA:SA v1.0.5
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"nbi-jmonkeyplatform-0.8.0.0.0" = jMonkeyEngine SDK
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NetBalancer_is1" = NetBalancer
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Neverball" = Neverball 1.5.0
"New LEGO Digital Designer" = LEGO Digital Designer
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.3
"ophcrack" = ophcrack 3.3.1
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"OSForensics_is1" = OSForensics Beta
"Parallel Port Joystick" = Parallel Port Joystick
"PDFZilla_is1" = PDFZilla V1.2.9
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Polipo" = Polipo 1.0.4.1
"proXPN" = proXPN 2.4.9
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"RailWorks 2_is1" = RailWorks 2
"Rainmeter" = Rainmeter
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.89
"S.W.A.T. 4_is1" = S.W.A.T. 4
"SABnzbd" = SABnzbd 0.6.9
"Sandboxie" = Sandboxie 3.38
"Scribe" = Express Scribe
"ServeToMe_is1" = ServeToMe 3.5.2.0
"Software Informer_is1" = Software Informer 1.0 BETA
"Sothink SWF to Video Converter_is1" = Sothink SWF to Video Converter
"Spider Solitaire_is1" = Spider Solitaire 1.1.0
"Splitcam DB Toolbar" = Splitcam DB Toolbar
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"SumatraPDF" = SumatraPDF
"Synthesia" = Synthesia (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Telemarketing Blocker_is1" = Telemarketing Blocker 3.0.0
"TightVNC" = TightVNC 2.0.3
"TmNationsForever_is1" = TmNationsForever
"Tor" = Tor 0.2.1.26
"Torrent Episode Downloader 0.972" = Torrent Episode Downloader
"Train Simulator 1.0" = Microsoft Train Simulator
"TRS2006_is1" = TRS2006
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"Unlocker" = Unlocker 1.9.1
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"VIC Western Main v1.3" = VIC Western Main v1.3
"Vidalia" = Vidalia 0.2.9
"Viper" = Viper 3.0.04
"Vitamin D Video_is1" = Vitamin D Video 1.4.2
"VLC media player" = VLC media player 1.1.11
"WallWatcher" = WallWatcher
"West Point Bridge Designer 2011 (2nd Edition)" = West Point Bridge Designer 2011 (2nd Edition) (remove only)
"Wi-Fi Sync" = Wi-Fi Sync
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"winscp3_is1" = WinSCP 4.2.8
"Wireshark" = Wireshark 1.2.6
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3544938981-518352492-2941319083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"222b0185185e5fb6" = Minecraft Backup Assistant
"Audiogalaxy" = Audiogalaxy
"Blaze Media Pro" = Blaze Media Pro
"Call of Duty 4 Modern Warfare ™" = Call of Duty 4 Modern Warfare ™
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"RT 7 Lite x86" = RT 7 Lite (32-Bit)
"VIC Nth-Eastern Mainline v1.3" = VIC Nth-Eastern Mainline v1.3
"WinDirStat" = WinDirStat 1.1.2
"XBMC" = XBMC
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 2:18:13 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: steam.exe, version: 1.0.1065.11, time stamp:
0x4d9b89de Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting process id:
0x17b8 Faulting application start time: 0x01cce0a90dc6b1a7 Faulting application path:
C:\Program Files\Steam\steam.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 84adf826-4c9c-11e1-8090-b96c3c60c73d

Error - 2/1/2012 3:33:00 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp:
0x4f186c8f Faulting module name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Exception
code: 0xc0000005 Fault offset: 0x0009b5ff Faulting process id: 0x1260 Faulting application
start time: 0x01cce0b3962338dc Faulting application path: G:\Call of Duty- Modern
Warfare 3\iw5mp.exe Faulting module path: G:\Call of Duty- Modern Warfare 3\iw5mp.exe
Report
Id: f7945aca-4ca6-11e1-8090-b96c3c60c73d

Error - 2/1/2012 3:42:16 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp:
0x4f186c8f Faulting module name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Exception
code: 0xc0000005 Fault offset: 0x0009b5ff Faulting process id: 0xda4 Faulting application
start time: 0x01cce0b49dcff731 Faulting application path: G:\Call of Duty- Modern
Warfare 3\iw5mp.exe Faulting module path: G:\Call of Duty- Modern Warfare 3\iw5mp.exe
Report
Id: 42eb2cb3-4ca8-11e1-8090-b96c3c60c73d

Error - 2/1/2012 3:46:36 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp:
0x4f186c8f Faulting module name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Exception
code: 0xc0000005 Fault offset: 0x0009b5ff Faulting process id: 0x470 Faulting application
start time: 0x01cce0b57b6a646e Faulting application path: G:\Call of Duty- Modern
Warfare 3\iw5mp.exe Faulting module path: G:\Call of Duty- Modern Warfare 3\iw5mp.exe
Report
Id: dde636c9-4ca8-11e1-8090-b96c3c60c73d

Error - 2/1/2012 4:06:14 AM | Computer Name = Joseph-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c0 Start
Time: 01cce0b85491af75 Termination Time: 10 Application Path: C:\Windows\system32\NOTEPAD.EXE

Report
Id: 9a0ae3da-4cab-11e1-8090-b96c3c60c73d

Error - 2/1/2012 4:18:04 AM | Computer Name = Joseph-PC | Source = Application Hang | ID = 1002
Description = The program iw5sp.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b28 Start Time:
01cce0b9d628d0da Termination Time: 7 Application Path: G:\Call of Duty- Modern Warfare
3\iw5sp.exe Report Id: 41725cec-4cad-11e1-8090-b96c3c60c73d

Error - 2/2/2012 1:16:24 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: proxpn_upgrader.exe, version: 0.0.0.0,
time stamp: 0x4e3940ed Faulting module name: proxpn_upgrader.exe, version: 0.0.0.0,
time stamp: 0x4e3940ed Exception code: 0x40000015 Fault offset: 0x00022b4b Faulting
process id: 0x11b0 Faulting application start time: 0x01cce1695380e4f1 Faulting application
path: C:\Program Files\proXPN\bin\proxpn_upgrader.exe Faulting module path: C:\Program
Files\proXPN\bin\proxpn_upgrader.exe Report Id: 0ca85c2a-4d5d-11e1-853c-95fd8b3a2632

Error - 2/2/2012 1:30:18 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.59.124, time stamp:
0x4e96c098 Faulting module name: Skype.exe, version: 5.5.59.124, time stamp: 0x4e96c098
Exception
code: 0xc0000005 Fault offset: 0x001dae87 Faulting process id: 0x151c Faulting application
start time: 0x01cce16a104f755f Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\Skype.exe Report Id: fd9988fa-4d5e-11e1-853c-95fd8b3a2632

Error - 2/2/2012 2:00:54 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.59.124, time stamp:
0x4e96c098 Faulting module name: Skype.exe, version: 5.5.59.124, time stamp: 0x4e96c098
Exception
code: 0xc0000005 Fault offset: 0x001dae87 Faulting process id: 0x724 Faulting application
start time: 0x01cce16fa68c7268 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\Skype.exe Report Id: 43e6af65-4d63-11e1-853c-95fd8b3a2632

Error - 2/2/2012 3:50:19 AM | Computer Name = Joseph-PC | Source = Application Hang | ID = 1002
Description = The program NTX_MW3_Trn_V1.0.exe version 1.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 130c Start
Time: 01cce17cd095d7e6 Termination Time: 10 Application Path: G:\COD FIX\Call of
Duty- Modern Warfare 3\Hacks\NTX_MW3_Trn_V1.0.exe Report Id: 71ad9b18-4d70-11e1-853c-95fd8b3a2632


[ Media Center Events ]
Error - 3/15/2011 5:08:13 AM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 8:08:05 PM - Error connecting to the internet. 8:08:08 PM - Unable
to contact server..

Error - 3/21/2011 1:14:20 AM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 4:14:19 PM - Error connecting to the internet. 4:14:19 PM - Unable
to contact server..

Error - 4/1/2011 1:20:05 AM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 4:20:05 PM - Error connecting to the internet. 4:20:05 PM - Unable
to contact server..

Error - 6/18/2011 7:33:48 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 9:33:48 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 6/18/2011 7:34:20 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 9:34:20 AM - Failed to retrieve dSM.cab (Error: HTTP status 404: The
requested URL does not exist on the server. )

Error - 6/18/2011 7:34:23 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 9:34:23 AM - Failed to retrieve Logos-2.cab (Error: HTTP status 404:
The requested URL does not exist on the server. )

Error - 6/18/2011 7:34:27 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 9:34:26 AM - Failed to retrieve SMTiles.cab (Error: HTTP status 404:
The requested URL does not exist on the server. )

Error - 7/10/2011 5:38:14 PM | Computer Name = DAVID-PC | Source = MCUpdate | ID = 0
Description = 7:38:12 AM - Error connecting to the internet. 7:38:12 AM - Unable
to contact server..

Error - 8/5/2011 6:34:34 PM | Computer Name = Joseph-PC | Source = MCUpdate | ID = 0
Description = 8:34:34 AM - Error connecting to the internet. 8:34:34 AM - Unable
to contact server..

Error - 8/16/2011 5:08:13 PM | Computer Name = Joseph-PC | Source = MCUpdate | ID = 0
Description = 7:08:11 AM - Error connecting to the internet. 7:08:11 AM - Unable
to contact server..

[ System Events ]
Error - 2/3/2012 2:42:36 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:45:27 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:46:47 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:48:59 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:51:10 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:53:24 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:56:20 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:59:21 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:59:24 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 3:01:38 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

The redirects are happening more often now I think.
Nothing else seems strange.
The debugger problem is still happening.
Thanks for your help greatly.

#4 SweetTech

Posted 03 February 2012 - 03:06 AM

Hi ShoopDahWhoop!

Okay, first things first, from the looks of things I see 3 different Anti-Virus programs running.

I can see Avast, Norton, and Microsoft Security Essentials running.

Multiple Anti-Virus Programs

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

You should decide on which one you wish to keep and then uninstall the other two.

-----------

What happened when you attempted to run aswMBR.exe?

Please run this tool:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Edited by SweetTech, 03 February 2012 - 03:07 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
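
Added example (not part of the original thread and not a BleepingComputer tool): a short Python triage of a log in the format posted above, repeating the helper's check for more than one resident antivirus product and tallying the event-log errors by source and ID. The product patterns, function names and sample lines are assumptions constructed from names that appear in this thread.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the same format as the log posted in this thread.
SAMPLE_LOG = '''
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"avast" = avast! Free Antivirus
"Microsoft Security Client" = Microsoft Security Essentials
"NIS" = Norton Internet Security
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Notepad++" = Notepad++

[ System Events ]
Error - 2/3/2012 2:42:36 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/3/2012 2:45:27 AM | Computer Name = Joseph-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/2/2012 1:30:18 AM | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.59.124, time stamp:
'''

# Assumption: patterns for resident (real-time) antivirus products, built only
# from product names mentioned in this thread. Matching is on the product name,
# not the vendor, so "Norton Bootable Recovery Tool Wizard" is not counted.
RESIDENT_AV_PATTERNS = {
    "Avast": re.compile(r"avast!?.*antivirus", re.I),
    "Norton Internet Security": re.compile(r"norton internet security", re.I),
    "Microsoft Security Essentials": re.compile(r"microsoft security essentials", re.I),
    "AVG": re.compile(r"\bavg\b", re.I),
    "CA Internet Security Suite": re.compile(r"\bca internet security", re.I),
}

# "registry key" = DisplayName, as printed in the uninstall list.
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.+)$')

# Header line of one event-log error, as printed in the report.
EVENT_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_uninstall(log):
    """Return (registry key, display name) for every uninstall entry."""
    entries = []
    for line in log.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name").strip()))
    return entries


def resident_av_products(entries):
    """Return the distinct resident AV products found, sorted by label."""
    found = set()
    for _key, name in entries:
        for label, pattern in RESIDENT_AV_PATTERNS.items():
            if pattern.search(name):
                found.add(label)
    return sorted(found)


def event_error_counts(log):
    """Count event-log errors per (source, event ID)."""
    counts = Counter()
    for line in log.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            counts[(m.group("source"), int(m.group("id")))] += 1
    return counts


def triage(log):
    """Summarise what a helper would look at first in this kind of log."""
    av = resident_av_products(parse_uninstall(log))
    repeated = {k: n for k, n in event_error_counts(log).items() if n > 1}
    return {"resident_av": av, "multiple_av": len(av) > 1, "repeated_errors": repeated}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Resident AV products:", ", ".join(report["resident_av"]) or "none")
    if report["multiple_av"]:
        print("More than one resident AV product is installed.")
    for (source, event_id), n in sorted(report["repeated_errors"].items()):
        print(f"Repeated error: {source} ID {event_id} x{n}")
```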


#5 ShoopDahWhoop

Posted 06 February 2012 - 01:14 AM

Hi Agent ST,
I have uninstalled two of the three AV programs.

When I tried to run aswMBR, nothing popped up after I clicked on the icon.
I did run another similar program called MBRCheck.
It said the MBR of my primary drive was faked.
Would you like me to attach the logs?

I started Combofix and ran it.
Everything seemed normal.
However, after about 3 hours, it still hadn't completed.
I have left it running for over 4 or 5 hours and it still didn't finish the scans etc.
Thanks greatly for your help.

#6 SweetTech


Posted 06 February 2012 - 04:01 AM

Hi ShoopDahWhoop!

Can you please download a new copy of ComboFix, save it to your C:\ drive, name it svchost.exe, and see if you're able to run it then?



#7 ShoopDahWhoop


Posted 09 February 2012 - 03:33 AM

Hi Agent ST
I am unable to run ComboFix at all when I rename it svchost.exe

#8 SweetTech


Posted 09 February 2012 - 08:56 AM

Hi!

Sorry to hear you're experiencing issues with running the tools.

Do you have access to a USB device?

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • You'll need to ensure that you select the xpud-0.9.2.iso as the source.
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.



#9 ShoopDahWhoop


Posted 15 February 2012 - 06:20 AM

Sorry for the late reply.

I am unable to boot from the USB drive.

The BIOS shows no options to boot from USB drive, only CD/DVD and the primary partition.

Is there another tool I could use?

Thanks!

#10 SweetTech


Posted 15 February 2012 - 09:31 AM

Hi!

Okay. Do you have the ability to burn a DVD/CD?

If so, we can try the following:

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.



#11 ShoopDahWhoop


Posted 19 February 2012 - 05:56 AM

Hi Agent ST
I did install the xPUD as a dual boot and have attached the MBRBackup.zip for you
Thanks
Attached File  MBRBackup.zip   512bytes   5 downloads

#12 SweetTech


Posted 19 February 2012 - 07:29 AM

Hi!

Thanks for posting that MBR dump.

I'd like to have you boot your computer up Normally and attempt to download a new copy of TDSSKiller and see if you're able to run that one. It's been updated recently, and I'm hoping you'll be able to get it to run a scan for you.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



#13 ShoopDahWhoop


Posted 20 February 2012 - 05:40 AM

Hi Agent ST
I am unable to run TDSSKiller at all
Thanks

#14 SweetTech


Posted 20 February 2012 - 07:04 AM

Can you try renaming it to svchost and see if it will run for you then?

How about trying to run aswMBR.exe and see if that will run for you?

In the meantime, I need to look into a few things.



#15 ShoopDahWhoop


Posted 25 February 2012 - 02:09 AM

Hello Agent
I tried renaming the file to svchost and running it but it comes up with:
The remote procedure call failed.
When I run it without changing the name, nothing happens.
aswMBR still doesn't work
Thanks



