TechSpot

C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner)

By hanz99
Jan 15, 2012
  1. I have a PUP.BitMiner. I tried to remove it using mbam, but it comes back. Below is the mbam log. Can you help??

    Hanz

    Malwarebytes Anti-Malware 1.60.0.1600
    www.malwarebytes.org

    Database version: v2012.01.15.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    TEST :: BOAT [limited]

    1/15/2012 8:30:20 AM
    mbam-log-2012-01-15 (08-30-20).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 669008
    Time elapsed: 30 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

    (end)
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. hanz99

    hanz99 TS Rookie Topic Starter

    Step 1 completed: (avast)
    Step 2 complete: log follows:

    What next??

    Hanz

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.16.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    TEST :: BOAT [limited]

    1/16/2012 6:04:14 AM
    mbam-log-2012-01-16 (06-04-14).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 181334
    Time elapsed: 1 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. hanz99

    hanz99 TS Rookie Topic Starter

    Step 3 complete: no log
    Step 4 complete: logs follow:

    Hanz

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by TEST at 6:21:27 on 2012-01-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.6517 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\vVX1000.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
    C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files\OO Software\Defrag\oodag.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\ShopSafe\ShopSafe.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Windows\SysWOW64\obroker.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ShopSafeBrowserHelper Class: {333f6b96-3992-4d58-a499-145a10fe48c3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    dRun: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
    StartupFolder: C:\Users\TEST\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHECKF~1.LNK - C:\Jts\WiseUpdt.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 172.16.105.1
    TCP: Interfaces\{797E6F32-F9AA-462F-97A4-4B2CD5BB8152} : DhcpNameServer = 172.16.105.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: ShopSafeBrowserHelper Class: {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
    BHO-X64: ShopSafe Shared Browser Helper Object - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
    mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun-x64: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"
    mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    AppInit_DLLs-X64: acaptuser32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - eBay
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\ShopSafe\components\SlimOrbAddonShopSafe.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
    R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/23 17:03:24];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-8-23 148976]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-16 44768]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
    R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-8-23 83240]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-8-23 70952]
    R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-8-23 312616]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
    R2 IduService;Intel(R) Desktop Utilities Service;C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-8-19 132808]
    R2 Intel(R) Desktop Boards FSC Application Service;Intel(R) Desktop Boards FSC Application Service;C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [2011-8-19 61440]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-8-23 75248]
    R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-9-18 3271496]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-7-18 632792]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-25 2656536]
    R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    R3 cpuio;CPUIO Service;C:\Windows\SysWOW64\drivers\cpuiox64.sys [2011-11-30 15384]
    R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 USA49WG;USA49WG;C:\Windows\system32\DRIVERS\USA49WGx64.sys --> C:\Windows\system32\DRIVERS\USA49WGx64.sys [?]
    R3 USA49WGP;USA49WGP;C:\Windows\system32\DRIVERS\USA49WGx64p.SYS --> C:\Windows\system32\DRIVERS\USA49WGx64p.SYS [?]
    S1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\System32\regw2.exe [2012-1-13 833342]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 ICDUSB3;ICDUSB3;C:\Windows\system32\Drivers\ICDUSB3.sys --> C:\Windows\system32\Drivers\ICDUSB3.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2011-7-4 93848]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-16 11:03:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-16 11:03:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-16 11:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-16 10:20:31 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-01-16 10:20:30 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-01-16 10:20:25 41184 ----a-w- C:\Windows\avastSS.scr
    2012-01-16 02:43:18 -------- d-----w- C:\Users\TEST\AppData\Roaming\FixTDSS
    2012-01-13 20:59:37 -------- d-----w- C:\Users\TEST\AppData\Roaming\Nuance
    2012-01-13 20:59:37 -------- d-----w- C:\Users\TEST\AppData\Roaming\FLEXnet
    2012-01-13 20:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
    2012-01-13 20:58:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
    2012-01-13 20:58:13 -------- d-----w- C:\ProgramData\Nuance
    2012-01-13 20:58:13 -------- d-----w- C:\Program Files (x86)\Nuance
    2012-01-13 20:55:36 833342 ----a-w- C:\Windows\SysWow64\regw2.exe
    2012-01-11 00:25:05 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-11 00:25:05 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-11 00:25:05 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-11 00:25:04 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-07 17:39:09 -------- d-----w- C:\ProgramData\AVAST Software
    2012-01-07 17:39:09 -------- d-----w- C:\Program Files\AVAST Software
    2012-01-06 02:39:35 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-01-04 19:44:46 -------- d-----w- C:\Windows\System32\MpEngineStore
    2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-12-23 20:59:57 -------- d-----w- C:\ProgramData\PC Tools
    2011-12-23 20:43:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2011-12-19 03:18:26 -------- d-----we C:\Windows\system64
    2011-12-19 02:43:21 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
    2011-12-19 02:43:21 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2011-12-19 02:36:15 -------- d-----w- C:\Windows\SysWow64\custom matrices
    2011-12-19 02:36:14 -------- d-----w- C:\Windows\SysWow64\QuickTime
    2011-12-19 02:36:14 -------- d-----w- C:\Windows\SysWow64\C2MP
    .
    ==================== Find3M ====================
    .
    2011-11-30 19:55:36 557056 ----a-w- C:\Windows\System32\LAVVideo.ax
    2011-11-30 19:55:36 550912 ----a-w- C:\Windows\System32\LAVSplitter.ax
    2011-11-30 19:55:32 241664 ----a-w- C:\Windows\System32\LAVAudio.ax
    2011-11-30 19:55:30 200192 ----a-w- C:\Windows\System32\libbluray.dll
    2011-11-30 19:55:24 951794 ----a-w- C:\Windows\System32\avformat-lav-53.dll
    2011-11-30 19:55:24 362454 ----a-w- C:\Windows\System32\swscale-lav-2.dll
    2011-11-30 19:55:24 200604 ----a-w- C:\Windows\System32\avutil-lav-51.dll
    2011-11-30 19:55:24 115305 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
    2011-11-30 19:55:22 6433576 ----a-w- C:\Windows\System32\avcodec-lav-53.dll
    2011-11-30 19:53:40 458752 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
    2011-11-30 19:53:40 437248 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
    2011-11-30 19:53:36 211968 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
    2011-11-30 19:53:34 171008 ----a-w- C:\Windows\SysWow64\libbluray.dll
    2011-11-30 19:53:26 957031 ----a-w- C:\Windows\SysWow64\avformat-lav-53.dll
    2011-11-30 19:53:26 6244574 ----a-w- C:\Windows\SysWow64\avcodec-lav-53.dll
    2011-11-30 19:53:26 337369 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
    2011-11-30 19:53:26 197696 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
    2011-11-30 19:53:26 127340 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
    2011-11-30 09:54:05 76288 ----a-w- C:\Windows\SysWow64\EfiVar64.dll
    2011-11-30 09:54:05 18200 ----a-w- C:\Windows\SysWow64\drivers\variable64.sys
    2011-11-30 09:54:05 18200 ----a-w- C:\Windows\System32\drivers\variable64.sys
    2011-11-30 09:54:05 15384 ----a-w- C:\Windows\SysWow64\drivers\cpuiox64.sys
    2011-11-30 09:54:05 15384 ----a-w- C:\Windows\System32\drivers\cpuiox64.sys
    2011-11-20 11:46:26 4480512 ----a-w- C:\Windows\System32\ffdshow.ax
    2011-11-20 11:43:36 3563520 ----a-w- C:\Windows\SysWow64\ffdshow.ax
    2011-11-20 11:36:10 4031488 ----a-w- C:\Windows\System32\ffmpeg.dll
    2011-11-20 11:34:48 3900928 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
    2011-11-20 11:19:08 473600 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
    2011-11-20 11:18:18 630272 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
    2011-11-20 11:17:48 159232 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
    2011-11-20 11:17:46 358400 ----a-w- C:\Windows\System32\ff_libfaad2.dll
    2011-11-20 11:17:46 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
    2011-11-20 11:17:46 155648 ----a-w- C:\Windows\System32\ff_libmad.dll
    2011-11-20 11:17:46 112128 ----a-w- C:\Windows\System32\ff_wmv9.dll
    2011-11-20 11:17:44 221696 ----a-w- C:\Windows\System32\ff_libdts.dll
    2011-11-20 11:17:44 1531904 ----a-w- C:\Windows\System32\ff_samplerate.dll
    2011-11-20 11:17:42 114688 ----a-w- C:\Windows\System32\ff_liba52.dll
    2011-11-20 11:17:40 189440 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
    2011-11-20 11:09:44 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-11-20 11:07:24 259584 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
    2011-11-20 11:07:06 133632 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
    2011-11-20 11:07:04 97280 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
    2011-11-20 11:07:04 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
    2011-11-20 11:07:02 211456 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
    2011-11-20 11:07:02 1524224 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
    2011-11-20 11:07:02 145920 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
    2011-11-20 11:07:02 113664 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
    2011-11-20 11:07:00 327680 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
    2011-11-20 11:06:58 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
    2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-22 20:42:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 6:23:21.31 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/25/2011 10:05:49 AM
    System Uptime: 1/16/2012 5:56:30 AM (1 hours ago)
    .
    Motherboard: Intel Corporation | | DH67CF
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 195 GiB total, 115.668 GiB free.
    D: is FIXED (NTFS) - 736 GiB total, 116.922 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 931 GiB total, 98.96 GiB free.
    G: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP110: 1/14/2012 5:14:36 PM - Scheduled Checkpoint
    RP111: 1/14/2012 11:10:34 PM - Windows Backup
    RP112: 1/14/2012 11:19:22 PM - Windows Backup
    RP113: 1/14/2012 11:40:47 PM - Windows Backup
    RP114: 1/16/2012 5:20:16 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    .
    AC3Filter 1.63b
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    Aimersoft DVD Creator(Build 2.5.2.15)
    Apple Application Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE v.6.80
    Ask Toolbar
    avast! Free Antivirus
    AXIS Media Control SDK 6.0.2
    Canon MP Navigator EX 1.0
    CinemaNow Media Manager
    Coastal Explorer
    CyberLink PowerDVD 11
    Data Lifeguard Diagnostic for Windows 1.22
    Digital Voice Editor 3
    Directory Toolkit
    Dragon NaturallySpeaking 11
    dupeGuru
    DVD Shrink 3.2
    DVDFab Passkey 8.0.2.6 (17/03/2011)
    EZ Viewer 3.0
    Franson SerialTools RunTime
    High-Definition Video Playback 10
    HiJackThis
    Intel(R) Control Center
    Intel(R) Desktop Utilities
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 29
    K-Lite Mega Codec Pack 7.1.0
    Keyspan USB 2.0 4-Port Serial Adapter
    Lan Lights
    Malwarebytes Anti-Malware version 1.60.0.1800
    Media Player Codec Pack 4.1.2
    Microsoft Corporation
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MozBackup 1.5.1
    Mozilla Firefox 9.0.1 (x86 en-US)
    Mozilla Thunderbird (8.0)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NavMonPc 1.10
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    PL-2303 USB-to-Serial
    PokerStars.net
    QuickTime
    Reader Studio 1.5a
    Realtek High Definition Audio Driver
    RegCure
    Registry Mechanic 10.0
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    ShopSafe
    Skype™ 3.6
    SmartSound Quicktracks Plugin
    Snagit 10
    Spybot - Search & Destroy
    STG FolderPrint Plus 3.83
    System Requirements Lab for Intel
    Trader Workstation
    Trader Workstation 4.0
    Ugrib RC1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    VLC media player 1.1.11
    Winamp
    WinRAR archiver
    WinZip 12.0
    WXTide32
    Xilisoft Video Converter Ultimate
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2012 2:28:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
    1/9/2012 2:28:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    1/9/2012 10:54:28 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    1/16/2012 5:57:06 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    1/16/2012 5:57:00 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/16/2012 5:56:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bizVSerial SBRE
    1/16/2012 5:56:58 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/16/2012 5:56:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/16/2012 5:56:57 AM, Error: Service Control Manager [7000] - The FLEXnet Licensing Manager for Adobe Products service failed to start due to the following error: The system cannot find the file specified.
    1/16/2012 5:56:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    1/16/2012 5:56:41 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\bizVSerialNT.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/16/2012 5:56:41 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/16/2012 5:37:27 AM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
    1/16/2012 5:37:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/16/2012 5:35:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    1/16/2012 5:35:22 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/16/2012 5:32:46 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    1/14/2012 3:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user BOAT\TEST SID (S-1-5-21-346988686-1374381299-2349832999-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/14/2012 3:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user BOAT\TEST SID (S-1-5-21-346988686-1374381299-2349832999-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/14/2012 12:09:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/14/2012 10:50:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/14/2012 10:50:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/14/2012 10:50:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/14/2012 10:50:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/14/2012 10:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/14/2012 10:50:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bizVSerial discache SaibVdAd64 SBRE spldr Wanarpv6
    1/14/2012 10:50:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/14/2012 10:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    1/14/2012 10:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/13/2012 3:58:48 PM, Error: Service Control Manager [7030] - The Dragon Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  6. hanz99

    hanz99 TS Rookie Topic Starter

    Here is a copy of aswMBR and Bootkit.

    Hanz

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-16 12:50:16
    -----------------------------
    12:50:16.648 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:50:16.648 Number of processors: 8 586 0x2A07
    12:50:16.648 ComputerName: BOAT UserName: TEST
    12:50:17.319 Initialize success
    12:50:17.615 AVAST engine defs: 12011600
    12:50:30.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:50:30.626 Disk 0 Vendor: Size: 0MB BusType: 0
    12:50:30.626 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    12:50:30.626 Disk 1 Vendor: Size: 0MB BusType: 0
    12:50:30.626 Disk 0 MBR read successfully
    12:50:30.626 Disk 0 MBR scan
    12:50:30.641 Disk 0 Windows 7 default MBR code
    12:50:30.641 Disk 0 MBR hidden
    12:50:30.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:50:30.641 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848
    12:50:30.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753866 MB offset 409602048
    12:50:30.657 Service scanning
    12:50:31.936 Modules scanning
    12:50:32.435 Disk 0 trace - called modules:
    12:50:32.435 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    12:50:32.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007786790]
    12:50:32.451 3 CLASSPNP.SYS[fffff880019c143f] -> nt!IofCallDriver -> [0xfffffa800768ba20]
    12:50:32.451 5 Sahdad64.sys[fffff8800194ce25] -> nt!IofCallDriver -> [0xfffffa80071a93a0]
    12:50:32.451 7 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007423060]
    12:50:32.966 AVAST engine scan C:\Windows
    12:50:33.949 AVAST engine scan C:\Windows\system32
    12:50:37.209 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
    12:51:05.929 AVAST engine scan C:\Windows\system32\drivers
    12:51:08.503 AVAST engine scan C:\Users\TEST
    12:51:35.553 AVAST engine scan C:\ProgramData
    12:52:02.479 Scan finished successfully
    12:52:52.430 Disk 0 MBR has been saved successfully to "C:\Users\TEST\Desktop\MBR.dat"
    12:52:52.430 The log file has been saved successfully to "C:\Users\TEST\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
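A log-triage helper for aswMBR output like the one above, added here as an example (not code from aswMBR, AVAST or anyone in this thread). The sample lines are constructed from the posted log, and the allowlist of stock storage-stack modules is an assumption for illustration.

```python
"""Triage helper for an aswMBR scan log.

Added example (not aswMBR's own code): it pulls out the lines a malware
helper reads first from a log like the one posted above: infected-file
hits, the MBR status lines and the modules in the disk I/O call chain,
and flags chain modules that are not in a small allowlist of stock
Windows 7 storage-stack drivers so a human can look them up.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the aswMBR log posted in the thread.
SAMPLE_LOG = "\n".join([
    "aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software",
    "Run date: 2012-01-16 12:50:16",
    "-----------------------------",
    "12:50:16.648 OS Version: Windows x64 6.1.7601 Service Pack 1",
    "12:50:30.626 Disk 0 MBR read successfully",
    "12:50:30.626 Disk 0 MBR scan",
    "12:50:30.641 Disk 0 Windows 7 default MBR code",
    "12:50:30.641 Disk 0 MBR hidden",
    "12:50:30.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048",
    "12:50:32.435 Disk 0 trace - called modules:",
    "12:50:32.435 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys "
    "ataport.SYS PCIIDEX.SYS hal.dll msahci.sys",
    r"12:50:37.209 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]",
    "12:52:02.479 Scan finished successfully",
])

# Modules normally present in a Windows 7 AHCI/IDE disk call chain.
# Assumption: a small allowlist for illustration; extend it for your own baseline.
KNOWN_STACK_MODULES = {
    "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "volmgr.sys", "acpi.sys", "ataport.sys", "pciidex.sys", "msahci.sys",
    "atapi.sys", "pciide.sys", "storport.sys",
}

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
INFECTED_RE = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
MBR_RE = re.compile(r"^Disk \d+ .*\bMBR\b")


@dataclass
class Triage:
    infected: list = field(default_factory=list)        # (path, detection name)
    mbr_status: list = field(default_factory=list)      # raw "Disk N ... MBR ..." lines
    stack_modules: list = field(default_factory=list)   # modules in the disk call chain
    unfamiliar_modules: list = field(default_factory=list)  # chain modules not in allowlist


def triage(log_text: str) -> Triage:
    """Parse an aswMBR log and collect the findings a helper would review."""
    result = Triage()
    expect_modules = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner / separator lines carry no timestamp
        msg = m.group(2)
        if expect_modules:
            # The line after "called modules:" lists the driver chain.
            result.stack_modules = msg.split()
            result.unfamiliar_modules = [
                mod for mod in result.stack_modules
                if mod.lower() not in KNOWN_STACK_MODULES
            ]
            expect_modules = False
            continue
        if msg.endswith("called modules:"):
            expect_modules = True
            continue
        hit = INFECTED_RE.match(msg)
        if hit:
            result.infected.append((hit.group(1), hit.group(2)))
        elif MBR_RE.match(msg):
            result.mbr_status.append(msg)
    return result


def needs_attention(t: Triage) -> bool:
    """True when the log has an infected-file hit or an unfamiliar module
    in the disk chain, i.e. something a human must look at."""
    return bool(t.infected or t.unfamiliar_modules)


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    for path, name in t.infected:
        print(f"INFECTED {path} -> {name}")
    for line in t.mbr_status:
        print(f"MBR      {line}")
    print("disk chain:", " ".join(t.stack_modules))
    print("review:", ", ".join(t.unfamiliar_modules) or "none")
```

An unfamiliar module only means "not in the allowlist" (here Sahdad64.sys), so treat that flag as a prompt to look the driver up, not a verdict.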
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. hanz99

    hanz99 TS Rookie Topic Starter

    ComboFix log.


    Hanz

    ComboFix 12-01-16.02 - TEST 01/16/2012 13:42:26.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.6205 [GMT -5:00]
    Running from: c:\users\TEST\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\xml5394.tmp
    c:\programdata\xml60BF.tmp
    c:\programdata\xml62E2.tmp
    c:\programdata\xmlDFC3.tmp
    c:\programdata\xmlE215.tmp
    c:\programdata\xmlE31F.tmp
    c:\users\TEST\AppData\Local\assembly\tmp
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\bckfg.tmp
    c:\windows\assembly\temp\cfg.ini
    c:\windows\assembly\temp\keywords
    c:\windows\assembly\temp\kwrd.dll
    c:\windows\system32\consrv.dll
    c:\windows\system32\drivers\etc\hosts.txt
    c:\windows\system32\java.exe
    c:\windows\System64
    c:\windows\SysWow64\regw2.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-16 18:45 . 2012-01-16 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-16 16:35 . 2012-01-16 16:36 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2012-01-16 16:35 . 2012-01-16 16:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-01-16 16:29 . 2012-01-16 16:30 -------- d-----w- C:\00HOUSE
    2012-01-16 15:56 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-01-16 15:56 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-01-16 15:56 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-16 15:56 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-01-16 15:56 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-01-16 15:56 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-01-16 15:56 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-16 15:56 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-01-16 15:56 . 2012-01-16 15:56 -------- d-----w- c:\programdata\AVAST Software
    2012-01-16 15:56 . 2012-01-16 15:56 -------- d-----w- c:\program files\AVAST Software
    2012-01-16 02:43 . 2012-01-16 02:43 -------- d-----w- c:\users\TEST\AppData\Roaming\FixTDSS
    2012-01-13 20:59 . 2012-01-13 20:59 -------- d-----w- c:\users\TEST\AppData\Roaming\Nuance
    2012-01-13 20:59 . 2012-01-13 20:59 -------- d-----w- c:\users\TEST\AppData\Roaming\FLEXnet
    2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\IVA
    2012-01-13 20:58 . 2012-01-16 05:53 -------- d-----w- c:\program files (x86)\Common Files\Nuance
    2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\programdata\Nuance
    2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\program files (x86)\Nuance
    2012-01-11 00:25 . 2012-01-11 00:25 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-11 00:25 . 2012-01-11 00:25 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-11 00:25 . 2012-01-11 00:25 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-11 00:25 . 2012-01-11 00:25 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-08 07:09 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2012-01-06 02:39 . 2012-01-06 02:39 -------- d-----w- c:\program files (x86)\Ask.com
    2012-01-06 01:19 . 2012-01-16 17:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-06 01:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-04 19:44 . 2012-01-04 19:45 -------- d-----w- c:\windows\system32\MpEngineStore
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-12-23 20:59 . 2011-12-23 21:04 -------- d-----w- c:\programdata\PC Tools
    2011-12-23 20:43 . 2011-12-24 04:06 -------- d-----w- c:\program files (x86)\PC Tools Security
    2011-12-19 02:43 . 2011-12-19 02:43 -------- d-----w- c:\program files (x86)\AC3Filter
    2011-12-19 02:43 . 2009-08-12 02:22 580096 ----a-w- c:\windows\system32\ac3filter64.acm
    2011-12-19 02:36 . 2011-12-19 02:36 -------- d-----w- c:\windows\SysWow64\custom matrices
    2011-12-19 02:36 . 2011-12-19 02:37 -------- d-----w- c:\windows\SysWow64\C2MP
    2011-12-19 02:36 . 2011-12-19 02:36 -------- d-----w- c:\windows\SysWow64\QuickTime
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-30 19:55 . 2011-11-30 19:55 557056 ----a-w- c:\windows\system32\LAVVideo.ax
    2011-11-30 19:55 . 2011-11-30 19:55 550912 ----a-w- c:\windows\system32\LAVSplitter.ax
    2011-11-30 19:55 . 2011-11-30 19:55 241664 ----a-w- c:\windows\system32\LAVAudio.ax
    2011-11-30 19:55 . 2011-11-30 19:55 200192 ----a-w- c:\windows\system32\libbluray.dll
    2011-11-30 19:55 . 2011-11-30 19:55 951794 ----a-w- c:\windows\system32\avformat-lav-53.dll
    2011-11-30 19:55 . 2011-11-30 19:55 362454 ----a-w- c:\windows\system32\swscale-lav-2.dll
    2011-11-30 19:55 . 2011-11-30 19:55 200604 ----a-w- c:\windows\system32\avutil-lav-51.dll
    2011-11-30 19:55 . 2011-11-30 19:55 115305 ----a-w- c:\windows\system32\avfilter-lav-2.dll
    2011-11-30 19:55 . 2011-11-30 19:55 6433576 ----a-w- c:\windows\system32\avcodec-lav-53.dll
    2011-11-30 19:53 . 2011-11-30 19:53 458752 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
    2011-11-30 19:53 . 2011-11-30 19:53 437248 ----a-w- c:\windows\SysWow64\LAVVideo.ax
    2011-11-30 19:53 . 2011-11-30 19:53 211968 ----a-w- c:\windows\SysWow64\LAVAudio.ax
    2011-11-30 19:53 . 2011-11-30 19:53 171008 ----a-w- c:\windows\SysWow64\libbluray.dll
    2011-11-30 19:53 . 2011-11-30 19:53 957031 ----a-w- c:\windows\SysWow64\avformat-lav-53.dll
    2011-11-30 19:53 . 2011-11-30 19:53 6244574 ----a-w- c:\windows\SysWow64\avcodec-lav-53.dll
    2011-11-30 19:53 . 2011-11-30 19:53 337369 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
    2011-11-30 19:53 . 2011-11-30 19:53 197696 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
    2011-11-30 19:53 . 2011-11-30 19:53 127340 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
    2011-11-30 09:54 . 2011-11-30 09:55 76288 ----a-w- c:\windows\SysWow64\EfiVar64.dll
    2011-11-30 09:54 . 2011-11-30 09:55 18200 ----a-w- c:\windows\SysWow64\drivers\variable64.sys
    2011-11-30 09:54 . 2011-11-30 09:55 18200 ----a-w- c:\windows\system32\drivers\variable64.sys
    2011-11-30 09:54 . 2011-11-30 09:55 15384 ----a-w- c:\windows\SysWow64\drivers\cpuiox64.sys
    2011-11-30 09:54 . 2011-11-30 09:55 15384 ----a-w- c:\windows\system32\drivers\cpuiox64.sys
    2011-11-21 11:40 . 2011-12-14 17:25 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{357A26C0-2BBE-4E15-8991-48E81904AA7E}\mpengine.dll
    2011-11-20 11:46 . 2011-11-20 11:46 4480512 ----a-w- c:\windows\system32\ffdshow.ax
    2011-11-20 11:43 . 2011-11-20 11:43 3563520 ----a-w- c:\windows\SysWow64\ffdshow.ax
    2011-11-20 11:36 . 2011-11-20 11:36 4031488 ----a-w- c:\windows\system32\ffmpeg.dll
    2011-11-20 11:34 . 2011-11-20 11:34 3900928 ----a-w- c:\windows\SysWow64\ffmpeg.dll
    2011-11-20 11:19 . 2011-11-20 11:19 473600 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2011-11-20 11:18 . 2011-11-20 11:18 630272 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2011-11-20 11:17 . 2011-11-20 11:17 159232 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
    2011-11-20 11:17 . 2011-11-20 11:17 358400 ----a-w- c:\windows\system32\ff_libfaad2.dll
    2011-11-20 11:17 . 2011-11-20 11:17 183808 ----a-w- c:\windows\system32\ff_unrar.dll
    2011-11-20 11:17 . 2011-11-20 11:17 155648 ----a-w- c:\windows\system32\ff_libmad.dll
    2011-11-20 11:17 . 2011-11-20 11:17 112128 ----a-w- c:\windows\system32\ff_wmv9.dll
    2011-11-20 11:17 . 2011-11-20 11:17 221696 ----a-w- c:\windows\system32\ff_libdts.dll
    2011-11-20 11:17 . 2011-11-20 11:17 1531904 ----a-w- c:\windows\system32\ff_samplerate.dll
    2011-11-20 11:17 . 2011-11-20 11:17 114688 ----a-w- c:\windows\system32\ff_liba52.dll
    2011-11-20 11:17 . 2011-11-20 11:17 189440 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2011-11-20 11:09 . 2011-11-20 11:09 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-11-20 11:07 . 2011-11-20 11:07 259584 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
    2011-11-20 11:07 . 2011-11-20 11:07 133632 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
    2011-11-20 11:07 . 2011-11-20 11:07 97280 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
    2011-11-20 11:07 . 2011-11-20 11:07 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
    2011-11-20 11:07 . 2011-11-20 11:07 211456 ----a-w- c:\windows\SysWow64\ff_libdts.dll
    2011-11-20 11:07 . 2011-11-20 11:07 1524224 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
    2011-11-20 11:07 . 2011-11-20 11:07 145920 ----a-w- c:\windows\SysWow64\ff_libmad.dll
    2011-11-20 11:07 . 2011-11-20 11:07 113664 ----a-w- c:\windows\SysWow64\ff_liba52.dll
    2011-11-20 11:07 . 2011-11-20 11:07 327680 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
    2011-11-20 11:06 . 2011-11-20 11:06 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
    2011-11-15 19:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-10-22 20:42 . 2011-06-27 10:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "ShopSafe"="c:\progra~2\ShopSafe\ShopSafe.exe" [2010-10-13 371712]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
    "RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ipTray.exe"="c:\program files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [2011-08-19 1631944]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-03-17 1007608]
    .
    c:\users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2012-1-15 194775]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2009-08-11 93848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/23 17:03];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 IduService;Intel(R) Desktop Utilities Service;c:\program files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-08-19 132808]
    S2 Intel(R) Desktop Boards FSC Application Service;Intel(R) Desktop Boards FSC Application Service;c:\program files (x86)\Intel\FSC\FSCAppServ.exe [2011-08-19 61440]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
    S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
    S3 cpuio;CPUIO Service;c:\windows\SysWOW64\Drivers\cpuiox64.sys [2011-11-30 15384]
    S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 USA49WG;USA49WG;c:\windows\system32\DRIVERS\USA49WGx64.sys [x]
    S3 USA49WGP;USA49WGP;c:\windows\system32\DRIVERS\USA49WGx64p.SYS [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-14 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 16:45]
    .
    2011-12-29 c:\windows\Tasks\RegCure.job
    - c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
    "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
    "combofix"="c:\combofix\CF20179.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 172.16.105.1
    FF - ProfilePath - c:\users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - eBay
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG15.00.00.01PROFESSIONAL"="0C921734BD2F6920645499DC1D3C92BAA1F793DA1C1A894CB289E091AA3646081B9AE02CE6460D939CE01836E661F8DE21E0A4BBCFC3D692FC330679C28CD30B804C2EA00D95775CD55E662A3CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C1564E4A5C29E3D1D881D4046F814541E33A5E2BCB91C3A72B01EFBCBD20B27C8EE4F93B7D9726F0BFC2517A88905576673FA715AB1C8F29E703A3720329B9D3C92475F2E0E0CF7051DB892C105797BC015EBFC8C460B20517959C2F52E6F87A10C47722F117949D62743938D1EFEBC5DA26F41C14C8C62C04B9FD2D2D8EDCF51EAC117F1557FB71FDB22A099C75578C330F11CFE56ABC2F66AA33F4F88B048FAC21CBFC594947D52FD28E2093D7071C9D051105A40792D515AF38317590623A12B2D828B4964B7B8579AA991F9F8CD1F1F60467F293B7002298E416A2BF17B9CC0C317B7354EE7ECB433667D40CC1942BA6708AC71EABE8D6268B99D9F2A4C94A1A1D8D45CE673DFE69FAD2A947BBF88C220C3B7C0B4B1501A6956981F18F48A7279CB7E067423D44204BB0B414A151ADDB98D0580FC4375E66D24D9D35C3C505AF592E73F72A6E29F74EBA6D2AF4FF5B5D81C91DE565300E3C450EDAD47490D85B3F554D6120C76DBFA4216995A0A6AF612C9EC4D0CA3C5AE3331FBDEE128BB2344E49E62B5CB50D51762082CAA419D56F19439031B5E6F6B70BD3CDF64C9AAE6AB6EB239743C0375391940E1B35A0805F6A1AE7AB50EFCBEA890F86BBE82FB88634893F71B1E75A0485292D93F98F6BF943697704022BDD4FCEB937F138A2744D74BD47E288F66459DA0EA734AA98A44B13FD468546CD85B01320161387E7759EBF3A0F0CE196253883847550399B653A949D727BFA5C7063BEBC895B65E0B0BF2643437F722CF404AF5B968D0DAC532CA87A7380569D78B29C486E9CF1055A1375F61FE3E78E40419D5E759C9C4D3AA58D1E1E95837AC25BA8CEC6BF5D91CE7734F8CB5F0CCAD9B9E7A0D99BC12528A0923B4CC23F0B913D3B73D6ECCE87AAE5BC0AE9215368987F8AA775DA86085A409996237845FC996CBDCD18AB1CE5F481365D58B5F2DAD4CB9CD091F423205CCF5F7C2C5CC2EFAF76F39961933FE0E8DB39023DCBE0F20F368F2B81BF1EDBFDDE3A64253816C3F7F7F2D8A3A11D01DD848BCCB87CF1E3E09FDCC10D255DDF4B459AF5F84DC0C5A7EAEBA44D2C482768CD4069950E7FDB69DE7312D8BBBB13A34D1C02CBDCBE66946258A6986F7345A884CACE8BD0E390EC58918424EAA797840BB2F52AA6FB65
72D7EE938C30868D93719172B1DFC3D9A1A38A296E8D82D6BC3FAEF0BB89E9BE68DCC4680B70989DC83984D"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-16 13:50:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-16 18:50
    .
    Pre-Run: 121,625,313,280 bytes free
    Post-Run: 120,699,518,976 bytes free
    .
    - - End Of File - - 50A7E56FEAA9DA05271A525A34F08AAB
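
Added example, not part of this thread and not ComboFix's or Broni's code: a small Python script that triages the "Reg Loading Points" section of a ComboFix log like the one above. It parses the key/value dump, compares the UAC policy values against the Windows 7 defaults (in this log PromptOnSecureDesktop=0 and EnableLinkedConnections=1 are the non-default ones), reports the AppInit_DLLs entry because LoadAppInit_DLLs is switched on, and lists Run entries whose target is outside Program Files or the Windows directory. The embedded sample is a handful of lines copied from the log in this post; the default table, the trusted-path list and the file name cf_triage.py are the script's own assumptions. A hit means "look at this", not "this is malware": the AppInit DLL here comes with Acrobat and ISUSPM.exe is the FLEXnet updater, both commercial software, but they are exactly the entries a reviewer should confirm by hand.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not ComboFix's or the poster's code.
Usage: paste the ComboFix section into a file and run
    python cf_triage.py combofix.txt
or run without arguments to audit the embedded sample.
"""
import re
import sys

# Constructed sample: lines copied from the ComboFix log posted above
# (two Run keys, the UAC policy block and the AppInit_DLLs block).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShopSafe"="c:\progra~2\ShopSafe\ShopSafe.exe" [2010-10-13 371712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"

# (value name, weak setting, why it matters). Assumption: Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1,
# EnableUIADesktopToggle=0 and EnableLinkedConnections absent (0).
UAC_CHECKS = [
    ("EnableLUA", 0, "UAC is switched off entirely"),
    ("ConsentPromptBehaviorAdmin", 0, "admins elevate silently, with no consent prompt"),
    ("PromptOnSecureDesktop", 0, "elevation prompts appear on the normal desktop, where other programs can draw over them"),
    ("EnableUIADesktopToggle", 1, "UIAccess programs may take elevation prompts off the secure desktop"),
    ("EnableLinkedConnections", 1, "mapped network drives are shared between the filtered and the elevated token"),
]

# Assumption: autostarts under these prefixes get lower review priority.
# progra~ covers the 8.3 short names of both Program Files directories.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~")


def parse_loading_points(text):
    """Return {key path (lower-case): {value name: raw data}} from a ComboFix dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def as_int(raw):
    """Decode ComboFix's numeric forms, '5 (0x5)' or '0x1'; None for anything else."""
    m = re.match(r"(?:0x([0-9a-f]+)|(\d+))", raw, re.I)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def audit(text):
    """Return a list of human-readable findings; an empty list means nothing stood out."""
    keys = parse_loading_points(text)
    findings = []

    uac = keys.get(UAC_KEY, {})
    for name, weak, why in UAC_CHECKS:
        if name in uac and as_int(uac[name]) == weak:
            findings.append(f"UAC: {name}={weak}: {why}")

    # On Windows 7 AppInit_DLLs is only honoured when LoadAppInit_DLLs is 1; the
    # listed DLL is then loaded into every process that loads user32.dll.
    appinit = keys.get(APPINIT_KEY, {})
    if as_int(appinit.get("LoadAppInit_DLLs", "0")) == 1 and appinit.get("AppInit_DLLs"):
        findings.append(f"AppInit_DLLs: {appinit['AppInit_DLLs']} is loaded into every user32 process")

    for key, values in keys.items():
        if not key.endswith("\\currentversion\\run"):
            continue
        for name, raw in values.items():
            m = re.match(r'"([^"]+)"', raw)
            if m and not m.group(1).lower().startswith(TRUSTED_PREFIXES):
                findings.append(f"Run {name}: {m.group(1)} starts from outside Program Files/Windows")
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in audit(text):
        print(finding)
```

Run against the sample it prints the two weakened UAC values, the acaptuser64.dll AppInit entry and the ISUSPM autostart under ProgramData; ShopSafe is not flagged because c:\progra~2 is just the short name of Program Files (x86). Extend UAC_CHECKS or TRUSTED_PREFIXES to taste; the point is that the policy values and injection points in a log like this are worth reading, not only the lines a scanner already labelled.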
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    How is computer doing?

    Uninstall Ask Toolbar, typical foistware.

    Uninstall:
    RegCure
    Registry Mechanic 10.0

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. hanz99

    hanz99 TS Rookie Topic Starter

    ask toolbar: gone
    regcure: gone
    registry mechanic 10.0: gone


    otl.txt and extras (too big - more to follow)
    Hanz

    OTL logfile created on: 1/16/2012 2:32:11 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\00CDROM\OTL-Virus
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 6.45 Gb Available Physical Memory | 81.59% Memory free
    15.82 Gb Paging File | 14.39 Gb Available in Paging File | 90.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195.21 Gb Total Space | 112.55 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
    Drive D: | 736.20 Gb Total Space | 112.65 Gb Free Space | 15.30% Space Free | Partition Type: NTFS
    Drive F: | 931.39 Gb Total Space | 98.96 Gb Free Space | 10.63% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Mb Total Space | 69.94 Mb Free Space | 69.94% Space Free | Partition Type: NTFS

    Computer Name: BOAT | User Name: TEST | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/01/11 06:18:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\00CDROM\OTL-Virus\OTL.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/08/19 14:52:06 | 000,132,808 | ---- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
    PRC - [2011/08/19 14:52:04 | 001,631,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
    PRC - [2011/08/19 14:47:50 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
    PRC - [2011/05/04 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/05/04 11:46:04 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/04/19 22:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
    PRC - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    PRC - [2011/04/14 17:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    PRC - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    PRC - [2010/11/14 17:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/10/13 15:41:30 | 000,371,712 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\ShopSafe\ShopSafe.exe
    PRC - [2010/10/13 15:40:04 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\obroker.exe
    PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2010/05/20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
    PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/13 15:37:30 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ShopSafe\ShopSafe.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/09/18 18:18:54 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
    SRV:64bit: - [2011/04/11 13:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service)
    SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/08/10 20:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/19 14:52:06 | 000,132,808 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel(R)
    SRV - [2011/08/19 14:47:50 | 000,061,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe -- (Intel(R) Desktop Boards FSC Application Service) Intel(R)
    SRV - [2011/06/25 19:44:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/05/04 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/05/04 11:46:04 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
    SRV - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
    SRV - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
    SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/07/18 13:53:45 | 000,017,176 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\osaio.sys -- (osaio)
    DRV:64bit: - [2011/06/29 05:18:49 | 000,093,360 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
    DRV:64bit: - [2011/05/10 23:32:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/05/10 23:32:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/05/04 16:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2011/04/29 13:34:32 | 000,100,864 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2011/04/18 22:18:13 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV:64bit: - [2011/04/13 17:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/04/13 17:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/04/10 10:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/16 17:49:42 | 000,107,904 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
    DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/06/24 12:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
    DRV:64bit: - [2010/05/20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
    DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\WNt500x64\sandra.sys -- (SANDRA)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2008/08/18 10:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICDUSB3.sys -- (ICDUSB3)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/02/08 23:28:04 | 000,762,496 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USA49WGx64.sys -- (USA49WG)
    DRV:64bit: - [2007/02/08 23:27:08 | 000,035,840 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USA49WGx64p.sys -- (USA49WGP)
    DRV - [2011/11/30 04:54:05 | 000,015,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\cpuiox64.sys -- (cpuio)
    DRV - [2011/04/19 22:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
    DRV - [2011/04/12 04:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/08/23 17:03:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2006/04/03 20:40:00 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\bizVSerialNT.sys -- (bizVSerial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
    FF - prefs.js..browser.search.selectedEngine: "eBay"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: shopsafe@orbiscom:3.4.13.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\shopsafe@orbiscom: C:\Program Files (x86)\ShopSafe [2011/06/29 11:38:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/16 10:56:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 19:25:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 04:44:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 09:33:42 | 000,000,000 | ---D | M]

    [2011/06/25 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Extensions
    [2011/06/25 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/01/16 14:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions
    [2011/11/07 15:25:30 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/11/07 15:25:30 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions\firebug@software.joehewitt.com
    [2011/07/25 18:36:40 | 000,001,832 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\searchplugins\bing.xml
    [2012/01/10 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\TEST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ALXZBF1V.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
    [2012/01/10 19:25:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/01/16 13:47:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ipTray.exe] C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ShopSafe] C:\Program Files (x86)\ShopSafe\ShopSafe.exe (Orbiscom Ltd. All rights reserved.)
    O4 - HKU\.DEFAULT..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
    O4 - HKU\S-1-5-18..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
    O4 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - Startup: C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.105.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797E6F32-F9AA-462F-97A4-4B2CD5BB8152}: DhcpNameServer = 172.16.105.1
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (OODBS)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/16 13:47:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/01/16 13:41:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/16 13:41:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/16 13:41:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/16 13:41:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/16 13:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/16 13:10:43 | 004,385,658 | R--- | C] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe
    [2012/01/16 11:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/01/16 11:29:36 | 000,000,000 | ---D | C] -- C:\00HOUSE
    [2012/01/16 10:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/16 10:56:38 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/01/16 10:56:38 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/01/16 10:56:37 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/01/16 10:56:37 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/01/16 10:56:37 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/01/16 10:56:36 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/01/16 10:56:30 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/01/16 10:56:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/01/16 10:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/16 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/15 21:43:18 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\FixTDSS
    [2012/01/13 15:59:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Nuance
    [2012/01/13 15:59:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\FLEXnet
    [2012/01/13 15:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
    [2012/01/13 15:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
    [2012/01/13 15:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
    [2012/01/13 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
    [2012/01/13 15:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
    [2012/01/08 02:09:41 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/01/05 21:04:47 | 000,000,000 | R--D | C] -- C:\Users\TEST\Documents\Scanned Documents
    [2012/01/05 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Fax
    [2012/01/05 20:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/05 20:19:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/05 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/04 14:44:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
    [2011/12/26 04:53:58 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WXTide32
    [2011/12/23 16:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2011/12/23 15:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/12/23 15:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2011/12/18 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2011/12/18 21:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
    [2011/12/18 21:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
    [2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
    [2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
    [2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/16 13:59:27 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/16 13:59:27 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/16 13:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/16 13:52:08 | 000,983,328 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
    [2012/01/16 13:47:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/16 13:10:54 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe
    [2012/01/16 12:52:52 | 000,000,512 | ---- | M] () -- C:\Users\TEST\Desktop\MBR.dat
    [2012/01/16 11:24:08 | 000,000,684 | ---- | M] () -- C:\Users\TEST\Desktop\00CDROM - Shortcut.lnk
    [2012/01/16 11:03:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/01/16 10:56:39 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/14 11:32:18 | 000,001,167 | ---- | M] () -- C:\Users\TEST\Desktop\SpaceSniffer.exe - Shortcut.lnk
    [2012/01/13 16:32:28 | 000,001,834 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\SAS7_000.DAT
    [2012/01/13 15:58:36 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    [2012/01/13 05:58:50 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
    [2012/01/11 09:48:37 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/11 09:48:37 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/11 09:48:37 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/10 19:25:08 | 000,002,059 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/07 20:18:33 | 000,007,605 | ---- | M] () -- C:\Users\TEST\AppData\Local\Resmon.ResmonCfg
    [2011/12/26 04:55:47 | 000,001,074 | ---- | M] () -- C:\Users\TEST\Desktop\wxtide32.exe - Shortcut.lnk
    [2011/12/24 08:11:42 | 000,000,000 | ---- | M] () -- C:\ProgramData\v0Q7I02Hg.dat
    [2011/12/19 07:01:37 | 000,000,550 | ---- | M] () -- C:\Windows\WININIT.INI
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  11. hanz99 (TS Rookie, Topic Starter)

    ========== Files Created - No Company Name ==========

    [2012/01/16 13:41:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/16 13:41:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/16 13:41:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/16 13:41:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/16 13:41:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/16 12:52:52 | 000,000,512 | ---- | C] () -- C:\Users\TEST\Desktop\MBR.dat
    [2012/01/16 11:24:08 | 000,000,684 | ---- | C] () -- C:\Users\TEST\Desktop\00CDROM - Shortcut.lnk
    [2012/01/16 10:56:39 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/14 11:32:18 | 000,001,167 | ---- | C] () -- C:\Users\TEST\Desktop\SpaceSniffer.exe - Shortcut.lnk
    [2012/01/13 16:32:28 | 000,001,834 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\SAS7_000.DAT
    [2012/01/13 15:58:36 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    [2012/01/13 05:58:50 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
    [2012/01/08 02:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/12/26 04:55:47 | 000,001,074 | ---- | C] () -- C:\Users\TEST\Desktop\wxtide32.exe - Shortcut.lnk
    [2011/12/24 08:11:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\v0Q7I02Hg.dat
    [2011/12/18 21:43:21 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
    [2011/11/30 14:53:34 | 000,171,008 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
    [2011/11/30 14:53:26 | 006,244,574 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
    [2011/11/30 14:53:26 | 000,957,031 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
    [2011/11/30 14:53:26 | 000,337,369 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
    [2011/11/30 14:53:26 | 000,197,696 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
    [2011/11/30 14:53:26 | 000,127,340 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
    [2011/11/20 06:34:48 | 003,900,928 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2011/11/20 06:09:44 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/11/20 06:07:24 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2011/11/20 06:07:06 | 000,133,632 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
    [2011/11/20 06:07:04 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2011/11/20 06:07:04 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2011/11/20 06:07:02 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2011/11/20 06:07:02 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2011/11/20 06:07:02 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2011/11/20 06:07:02 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2011/11/20 06:07:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2011/11/20 06:06:58 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2011/07/18 13:47:16 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
    [2011/07/15 13:26:54 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
    [2011/07/07 22:45:13 | 000,000,039 | ---- | C] () -- C:\Windows\iltwain.ini
    [2011/07/04 13:05:41 | 010,932,224 | ---- | C] () -- C:\ProgramData\sandra.mda
    [2011/07/01 03:25:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2011/06/30 20:01:38 | 000,000,550 | ---- | C] () -- C:\Windows\WININIT.INI
    [2011/06/29 14:20:58 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
    [2011/06/29 14:20:57 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
    [2011/06/29 05:09:41 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/06/29 05:09:41 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat
    [2011/06/29 05:09:41 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/06/27 15:47:21 | 000,124,264 | R--- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/06/27 15:47:21 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/06/27 15:47:21 | 000,010,600 | R--- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2011/06/26 14:35:12 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
    [2011/06/26 09:41:16 | 000,007,605 | ---- | C] () -- C:\Users\TEST\AppData\Local\Resmon.ResmonCfg
    [2011/06/25 09:03:03 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/25 09:00:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/06/25 09:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/06/25 08:53:27 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
    [2011/06/25 08:53:27 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
    [2011/06/25 08:53:27 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
    [2011/06/25 08:53:27 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
    [2011/06/25 08:53:27 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
    [2011/06/25 08:53:27 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
    [2011/06/25 08:53:27 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
    [2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/04/10 10:49:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/10 10:49:10 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/10 10:49:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/10 10:42:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/04/10 10:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
    [2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
    [2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
    [2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
    [2009/08/11 16:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/26 16:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/03/03 23:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
    [2005/02/16 23:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\FransonRegistryRestoration.exe
    [2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

    ========== LOP Check ==========

    [2011/06/26 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Ashampoo
    [2011/11/08 09:25:17 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Canon
    [2012/01/15 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\FixTDSS
    [2011/07/04 06:13:40 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\FolderPrint
    [2011/10/28 03:11:12 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Hardcoded Software
    [2011/07/04 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\ImgBurn
    [2011/10/24 06:01:47 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\NavMonPc
    [2012/01/13 15:59:37 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Nuance
    [2011/09/09 03:37:51 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Registry Mechanic
    [2011/06/27 13:29:34 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Replay Media Catcher 4
    [2011/06/27 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Simple Star
    [2011/06/25 15:31:58 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Thunderbird
    [2012/01/16 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\uTorrent
    [2011/12/13 05:57:18 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Xilisoft Corporation
    [2012/01/14 22:31:10 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/01/16 13:50:09 | 000,029,996 | ---- | M] () -- C:\ComboFix.txt
    [2011/11/09 08:14:57 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
    [2012/01/16 13:52:09 | 4197,867,519 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/11 05:14:44 | 000,083,426 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_11.01.2012_05.14.28_log.txt
    [2012/01/15 21:41:22 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_15.01.2012_21.41.12_log.txt
    [2012/01/15 21:42:21 | 000,083,426 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_15.01.2012_21.42.01_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/25 13:38:10 | 000,000,221 | -HS- | M] () -- C:\Users\TEST\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/16 13:10:54 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 16:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 22:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/01/08 13:49:24 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/01/08 13:49:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/01/08 13:49:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb00001.log
    [2011/11/09 21:35:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/11/09 21:35:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/01/08 13:49:14 | 000,000,000 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2012/01/08 13:49:13 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/29 14:27:17 | 000,000,402 | -HS- | M] () -- C:\Users\TEST\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/18 13:47:21 | 000,000,064 | ---- | M] () -- C:\ProgramData\sandra.ldb
    [2011/07/06 23:05:18 | 010,932,224 | ---- | M] () -- C:\ProgramData\sandra.mda

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/08/24 21:15:57 | 000,000,000 | ---D | M](C:\Users\TEST\Favorites\??sorted Bookmarks) -- C:\Users\TEST\Favorites\遈dzsorted Bookmarks

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 368 bytes -> C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:0D6E9A34
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

    < End of report >
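Two of the sections in the OTL report above are worth re-checking by hand rather than trusting a single tool's verdict: the shell-spawning keys (O35/O37 and "Shell Spawning", which in this log read the stock `"%1" %*` values) and the "Alternate Data Streams" list on C:\ProgramData\Temp. The script below is an added example written for this thread; it is not part of OTL, ComboFix or anything hanz99 or Broni posted. It assumes PowerShell 3.0 or later (Windows 7 needs WMF 3+ for the `-Stream` parameter) and an elevated prompt so every directory under the scanned path is readable; the function names `Test-ShellSpawn` and `Get-AdsReport` and the `$ExpectedSpawn` table are this example's own.

```powershell
# Added example: not from the thread and not part of OTL. Re-checks two
# classes of finding from the OTL log above with built-in cmdlets only.
# Assumes PowerShell 3.0 or later (Windows 7 needs WMF 3+ for -Stream) and
# an elevated prompt so every directory under the scanned path is readable.

# Stock default values for the shell-spawning keys OTL lists as O35/O37
# and under "Shell Spawning". Anything else here means the file-type
# handler has been redirected and deserves a look.
$ExpectedSpawn = @{
    'exefile\shell\open\command' = '"%1" %*'
    'comfile\shell\open\command' = '"%1" %*'
    'batfile\shell\open\command' = '"%1" %*'
    'cmdfile\shell\open\command' = '"%1" %*'
    'piffile\shell\open\command' = '"%1" %*'
    'scrfile\shell\open\command' = '"%1" /S'
}

function Test-ShellSpawn {
    # Reads each key from both registry views (64-bit and WOW6432Node), the
    # way OTL reports a "64bit:" and a plain entry, and flags deviations.
    param([hashtable]$Expected = $ExpectedSpawn)
    foreach ($viewName in 'Registry64', 'Registry32') {
        $view = [Microsoft.Win32.RegistryView]$viewName
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        foreach ($sub in $Expected.Keys) {
            $key    = $base.OpenSubKey("SOFTWARE\Classes\$sub")
            $actual = if ($key) { [string]$key.GetValue('') } else { '<missing>' }
            [pscustomobject]@{
                View    = $viewName
                Key     = $sub
                Value   = $actual
                Verdict = if ($actual -eq $Expected[$sub]) { 'OK' } else { 'CHECK' }
            }
            if ($key) { $key.Close() }
        }
        $base.Close()
    }
}

function Get-AdsReport {
    # Enumerates alternate data streams (OTL's "Alternate Data Streams"
    # section) on the path itself and everything beneath it. Small streams
    # are previewed so a Zone.Identifier marker or installer tag can be told
    # apart from something that warrants extraction and scanning.
    param(
        [string]$Path = $env:ProgramData,
        [int]$PreviewBytes = 256
    )
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $preview = ''
            if ($s.Length -le $PreviewBytes) {
                $preview = Get-Content -LiteralPath $s.FileName -Stream $s.Stream -Raw -ErrorAction SilentlyContinue
            }
            [pscustomobject]@{
                File    = $s.FileName
                Stream  = $s.Stream
                Bytes   = $s.Length
                Preview = ([string]$preview -replace '\s+', ' ')
            }
        }
    }
}

Test-ShellSpawn | Format-Table -AutoSize
Get-AdsReport -Path 'C:\ProgramData' | Format-Table -AutoSize
```

A `CHECK` verdict from `Test-ShellSpawn` in either view means the handler no longer points at the file itself and the new target should be identified before any further cleaning, since every .exe launch would pass through it. For the stream report, a stream of a few hundred bytes whose preview is readable text is usually a marker rather than a payload; a large or binary stream on a directory is the case to extract (`Get-Content -Stream` or `more < file:stream`) and submit for scanning. On a box without WMF 3, `dir /r` from cmd.exe lists the same streams without previews.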
     
  12. hanz99 (TS Rookie, Topic Starter)

    last of logs


    Hanz

    OTL Extras logfile created on: 1/11/2012 6:22:12 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\00CDROM\OTL-Virus
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.91 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 69.17% Memory free
    15.82 Gb Paging File | 13.48 Gb Available in Paging File | 85.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195.21 Gb Total Space | 114.97 Gb Free Space | 58.90% Space Free | Partition Type: NTFS
    Drive D: | 736.20 Gb Total Space | 113.86 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
    Drive F: | 931.39 Gb Total Space | 256.79 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Mb Total Space | 69.94 Mb Free Space | 69.94% Space Free | Partition Type: NTFS

    Computer Name: BOAT | User Name: TEST | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
    "{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7105B74C-1124-40BC-919D-1B9A8F4517C5}" = Replay Media Catcher 4
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2011c
    "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "3318836AD61238EBF9D3CA1B0500E56C2DF9465B" = Windows Driver Package - KSPN (USA49WG) USB (01/01/2007 3.7.0.0)
    "422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
    "54F242A9C8F5B27621DF232A7F75FA257F822819" = Windows Driver Package - KSPN (USA49WGP) PORTS (01/01/2007 3.7.0.0)
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "PROSetDX" = Intel(R) Network Connections 16.3.48.0
    "SMBus" = Intel(R) SMBus

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{31F10994-391D-4F39-A541-E4D30338BB42}" = Franson SerialTools RunTime
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{50A53344-212F-4CB9-B520-98ACA3D62342}" = dupeGuru
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87358FDB-7A27-4F53-9BFB-1566FA03A9C5}" = ShopSafe
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{9437FF64-45F1-47C5-866A-04B432E6C306}" = Keyspan USB 2.0 4-Port Serial Adapter
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{A31F749C-8ADF-44E4-AD33-E39286A96A1B}" = Intel(R) Desktop Utilities
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EEDE759C-14CC-4487-8A45-F0E8447E1227}" = ShopSafe
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.5.2.15)
    "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
    "AXIS Media Control SDK_is1" = AXIS Media Control SDK 6.0.2
    "Coastal Explorer" = Coastal Explorer
    "Directory Toolkit (Shareware)_is1" = Directory Toolkit
    "Directory Toolkit_is1" = Directory Toolkit
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.2.6 (17/03/2011)
    "EZ Viewer 3.0_is1" = EZ Viewer 3.0
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{A31F749C-8ADF-44E4-AD33-E39286A96A1B}" = Intel(R) Desktop Utilities
    "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
    "Lan Lights" = Lan Lights
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1600
    "Media Player - Codec Pack" = Media Player Codec Pack 4.1.2
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "NavMonPc_is1" = NavMonPc 1.10
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PokerStars.net" = PokerStars.net
    "Reader Studio_is1" = Reader Studio 1.5a
    "RegCure" = RegCure
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "STG FolderPrint Plus_is1" = STG FolderPrint Plus 3.83
    "Trader Workstation 4.0" = Trader Workstation 4.0
    "Ugrib_is1" = Ugrib RC1
    "VLC media player" = VLC media player 1.1.11
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver
    "WXTide32" = WXTide32
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Trader Workstation" = Trader Workstation

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/23/2011 12:26:58 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
    Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
    stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x02b3d835 Faulting process id: 0x430 Faulting application
    start time: 0x01ccc12b0cdd1923 Faulting application path: C:\Program Files (x86)\Exterminate
    It!\ExterminateIt.exe Faulting module path: unknown Report Id: 59fdd30a-2d1e-11e1-b821-e069957328a1

    Error - 12/23/2011 12:27:45 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
    Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
    stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x008ed835 Faulting process id: 0x7a8 Faulting application
    start time: 0x01ccc12b28c95d7a Faulting application path: C:\Program Files (x86)\Exterminate
    It!\ExterminateIt.exe Faulting module path: unknown Report Id: 75c662bd-2d1e-11e1-b821-e069957328a1

    Error - 12/23/2011 12:28:31 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
    Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
    stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x02ccd835 Faulting process id: 0x60c Faulting application
    start time: 0x01ccc12b3aefdb90 Faulting application path: C:\Program Files (x86)\Exterminate
    It!\ExterminateIt.exe Faulting module path: unknown Report Id: 90d7a87b-2d1e-11e1-b821-e069957328a1

    Error - 12/23/2011 12:50:34 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
    Description =

    Error - 12/23/2011 1:01:36 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x5256ff18 Faulting process id: 0x13c0 Faulting application
    start time: 0x01ccc12f8cd114ad Faulting application path: C:\Windows\SysWOW64\ping.exe
    Faulting
    module path: unknown Report Id: 302ccb73-2d23-11e1-9692-e069957328a1

    Error - 12/23/2011 6:18:04 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
    Description =

    Error - 12/23/2011 6:37:32 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: Flash10x.ocx, version: 10.3.183.10, time
    stamp: 0x4e764622 Exception code: 0xc0000005 Fault offset: 0x001938de Faulting process
    id: 0x10b0 Faulting application start time: 0x01ccc15e79094fde Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10x.ocx
    Report
    Id: 1e0d4fb5-2d52-11e1-9f23-e069957328a1

    Error - 12/23/2011 7:05:32 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
    Description =

    Error - 12/23/2011 7:46:10 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
    Description =

    Error - 12/23/2011 10:40:25 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
    Description =


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I can't proceed as you didn't answer my question:
     
  14. hanz99

    hanz99 TS Rookie Topic Starter

    Sorry:
    The IE redirect seems to be gone.

    CPU seems to be OK..


    What caused the virus to enter the CPU?? (browser or download?)

    How can I prevent it from happening again?? (I will try Avast.)


    Hanz
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    There is no way to trace any infection's source.
    I'll post some security hints later.
    I'll check your OTL logs now....

    Good news though :)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 368 bytes -> C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
      @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:0D6E9A34
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D1B5B4F1
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
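The OTL fix in the post above deletes six NTFS alternate data streams (ADS): one attached to the user's desktop.ini and five attached to the C:\ProgramData\Temp directory. An ADS is invisible to Explorer and to a plain `dir`, which is why loaders and droppers park payloads there. The following script is an added example and is not part of the thread or of OTL; it lists the non-default streams on those two paths (the user-profile path is rebuilt from `$env:LOCALAPPDATA`, an assumption that it is run as the same account), shows the first bytes of each stream so you can see what was hidden, and only deletes when run with `-Remove`. It needs Windows PowerShell 3.0 to 5.1 for the `-Stream` and `-Encoding Byte` parameters.

```powershell
# Added example, not from the thread or from OTL.
# Enumerate (and optionally remove) NTFS alternate data streams on the
# paths the OTL fix targeted. Run in an elevated Windows PowerShell 3.0-5.1.
param([switch]$Remove)

# Assumption: the script runs as the same user whose profile held desktop.ini.
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'desktop.ini'),   # C:\Users\<user>\AppData\Local\desktop.ini
    (Join-Path $env:ProgramData 'Temp')            # C:\ProgramData\Temp (directories can carry ADS too)
)

function Get-NonDefaultStreams {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    # ':$DATA' is the file's ordinary content; anything else is an alternate stream.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
}

foreach ($t in $targets) {
    $streams = @(Get-NonDefaultStreams -Path $t)
    if ($streams.Count -eq 0) { Write-Output "no ADS: $t"; continue }
    foreach ($s in $streams) {
        Write-Output ("{0}:{1}  ({2} bytes)" -f $t, $s.Stream, $s.Length)
        # Dump the first 64 bytes so the content can be inspected before deletion.
        $head = Get-Content -LiteralPath $t -Stream $s.Stream -Encoding Byte -TotalCount 64 -ErrorAction SilentlyContinue
        if ($head) {
            Write-Output ('  head: ' + (($head | ForEach-Object { $_.ToString('x2') }) -join ' '))
        }
        if ($Remove) {
            Remove-Item -LiteralPath $t -Stream $s.Stream -ErrorAction Stop
            Write-Output '  removed'
        }
    }
}
```

Run it once without `-Remove` and keep the output with the rest of the logs; a stream that reappears after removal and a reboot means the component writing it is still active, which is the same signal that sent the original poster back here when kwrd.dll kept returning.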
     
  17. hanz99

    hanz99 TS Rookie Topic Starter

    following are: otl.log, checkup.txt, fss.txt, eset.log

    Hanz

    OTL

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\Temp:0D6E9A34 deleted successfully.
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
    ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TEST
    ->Temp folder emptied: 1901053 bytes
    ->Temporary Internet Files folder emptied: 13929768 bytes
    ->Java cache emptied: 838315 bytes
    ->FireFox cache emptied: 75447120 bytes
    ->Flash cache emptied: 1414 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 131039 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1902 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 88.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: TEST
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEST
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01162012_155902

    Files\Folders moved on Reboot...
    C:\Users\TEST\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 24
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player 11.0.1.152
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````


    Farbar Service Scanner
    Ran by TEST (administrator) on 16-01-2012 at 16:19:14
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    eset log

    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\SysWOW64\regw2.exe.vir Win32/Agent.QTP trojan cleaned by deleting - quarantined
    C:\Windows\assembly\temp\U\80000032.$ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
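The FSS log above reports "MD5 is legit" for twenty networking, firewall and servicing binaries by comparing them with hashes embedded in the tool, and ESET's log shows where the remaining Sirefef/Olmarik pieces sat: System32\consrv.dll and C:\Windows\assembly\temp\U. The script below is an added example, not output of FSS, ESET or the thread; it computes MD5 and SHA-256 for the same file list so you can compare against a known-clean machine of the same Windows build (the reference hashes are not on this page and are not invented here), reports whether the files carry an embedded Authenticode signature, and lists everything under C:\Windows\assembly\temp plus whether a live consrv.dll is back in System32. It uses only .NET classes, so it also runs on the PowerShell 2.0 that ships with Windows 7; run it from 64-bit PowerShell so `System32` is not redirected to SysWOW64.

```powershell
# Added example, not from FSS, ESET or the thread.
# Hash and signature survey of the files FSS checked, plus the paths ESET flagged.
# Run from 64-bit, elevated PowerShell (2.0 or later).
$root = $env:SystemRoot

# Same list FSS printed in the "File Check" section above.
$relative = @(
    'System32\nsisvc.dll','System32\drivers\nsiproxy.sys','System32\dhcpcore.dll',
    'System32\drivers\afd.sys','System32\drivers\tdx.sys','System32\drivers\tcpip.sys',
    'System32\dnsrslvr.dll','System32\mpssvc.dll','System32\bfe.dll',
    'System32\drivers\mpsdrv.sys','System32\SDRSVC.dll','System32\vssvc.exe',
    'System32\wscsvc.dll','System32\wbem\WMIsvc.dll','System32\wuaueng.dll',
    'System32\qmgr.dll','System32\es.dll','System32\cryptsvc.dll',
    'System32\svchost.exe','System32\rpcss.dll'
)

function Get-FileDigest {
    # Returns MD5 (what FSS compares) and SHA-256 (what you should keep) for one file.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        $m = ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
        $fs.Position = 0
        $s = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally { $fs.Close() }
    # Catalog-signed Windows files show as NotSigned on older PowerShell; that is
    # not by itself suspicious, so compare the hashes with a clean reference build.
    $sig = (Get-AuthenticodeSignature -FilePath $Path).Status
    New-Object PSObject -Property @{ Path = $Path; MD5 = $m; SHA256 = $s; Signature = $sig }
}

Write-Output '== FSS file list =='
foreach ($r in $relative) {
    $p = Join-Path $root $r
    if (Test-Path -LiteralPath $p) { Get-FileDigest -Path $p | Format-List }
    else { Write-Output "MISSING: $p" }
}

Write-Output '== Contents of C:\Windows\assembly\temp (hidden files included) =='
$asmTemp = Join-Path $root 'assembly\temp'
if (Test-Path -LiteralPath $asmTemp) {
    Get-ChildItem -LiteralPath $asmTemp -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Get-FileDigest -Path $_.FullName } | Format-List
} else { Write-Output "not present: $asmTemp" }

# ESET quarantined System32\consrv.dll as Win64/Sirefef.G; a live copy means reinfection.
$consrv = Join-Path $root 'System32\consrv.dll'
Write-Output ("consrv.dll present in System32: {0}" -f (Test-Path -LiteralPath $consrv))
```

Keep the SHA-256 column from a clean system of the same build and patch level; MD5 is retained only because that is what FSS prints, and it is not collision-resistant enough to rely on for anything beyond matching that tool's output.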
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Uninstall: Java(TM) 6 Update 24

    Your Windows firewall seems to be not working because of a missing registry key.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on mpssvc.reg file and confirm the prompt.
    Restart computer, check on Windows firewall and post new FSS log.
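The first FSS log above could not open the MpsSvc service key at all ("The service key does not exist"), while mpsdrv and the firewall policy profiles were intact; that pattern, the firewall service registration gone but its driver and policy left behind, is what the mpssvc.reg import is meant to repair. The script below is an added example, not part of the thread, FSS or the linked Seven.zip; it reproduces FSS's service checks for MpsSvc, its dependency BFE and the mpsdrv driver, prints the per-profile EnableFirewall values already listed in the OTL section of this thread, and shows how to read a downloaded .reg file before merging it. The expected values for Windows 7 are stated as assumptions in the comments.

```powershell
# Added example, not from the thread, FSS or the Seven.zip download.
# Reproduce the FSS "Windows Firewall" checks before and after merging mpssvc.reg.
# Run as Administrator in Windows PowerShell.
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$fwPolicy = "$svcRoot\SharedAccess\Parameters\FirewallPolicy"

function Test-ServiceKey {
    # Mirrors what FSS reports: key present, Start type, ImagePath, ServiceDll, run state.
    param([string]$Name)
    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path $key)) {
        return New-Object PSObject -Property @{
            Service = $Name; KeyExists = $false; Start = $null
            ImagePath = $null; ServiceDll = $null; State = 'no registry key'
        }
    }
    $p   = Get-ItemProperty -Path $key
    $dll = $null
    if (Test-Path "$key\Parameters") { $dll = (Get-ItemProperty "$key\Parameters").ServiceDll }
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Service = $Name; KeyExists = $true; Start = $p.Start
        ImagePath = $p.ImagePath; ServiceDll = $dll
        State = if ($svc) { $svc.Status } else { 'not registered with SCM' }
    }
}

# Assumed healthy values on Windows 7: MpsSvc Start=2 (Automatic),
# ImagePath=%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork,
# ServiceDll=%SystemRoot%\system32\mpssvc.dll; BFE must also be present and running.
'MpsSvc', 'BFE', 'mpsdrv' | ForEach-Object { Test-ServiceKey -Name $_ } | Format-List

# Per-profile switch, the same keys OTL listed in its Firewall section above.
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $k = "$fwPolicy\$profile"
    $v = if (Test-Path $k) { (Get-ItemProperty -Path $k).EnableFirewall } else { 'key missing' }
    Write-Output ("{0,-16} EnableFirewall = {1}" -f $profile, $v)
}

# Inspect a downloaded .reg file before merging it: it should only write under
# Services\MpsSvc and point ImagePath/ServiceDll into %SystemRoot%\system32.
# Assumption: mpssvc.reg was unzipped into the current directory.
if (Test-Path '.\mpssvc.reg') {
    Get-Content '.\mpssvc.reg' | Select-String -Pattern '^\[|ImagePath|ServiceDll'
}
```

If the key exists but the service still will not start, the next things to check are the BFE service (MpsSvc cannot start without it) and the FSS "File Check" result for mpssvc.dll and bfe.dll, both of which were already reported as legitimate in this thread.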
     
  19. hanz99

    hanz99 TS Rookie Topic Starter

    create new restore: done
    mpssvc:done
    fss log: follow

    hanz


    Farbar Service Scanner
    Ran by TEST (administrator) on 16-01-2012 at 18:30:15
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  20. hanz99

    hanz99 TS Rookie Topic Starter

    I cannot uninstall Java(TM) 6 Update 24. ERROR 1723 (missing(?) DLL)

    hanz
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Leave it alone.

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
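    An added editor's example, not the thread's OTL script and not how OTL implements it: steps 1 and 3 of the list above done with the tooling Windows 7 ships, from an elevated PowerShell prompt. It clears every old restore point by deleting the shadow copies they are stored in, creates a fresh one, and lists pending Windows updates through the Windows Update Agent COM API. The restore-point description and the choice of the system drive are assumptions.

```powershell
# Added example, not part of the thread and not OTL's internals: reset System
# Restore and check for pending updates with built-in Windows 7 tooling.
# Run from an elevated PowerShell prompt.

function Show-RestorePoints {
    Get-ComputerRestorePoint |
        Format-Table SequenceNumber, Description, RestorePointType -AutoSize
}

# Every existing restore point is a snapshot an infection could be rolled back
# into. Restore points live in Volume Shadow Copies, so deleting all shadows on
# the system drive removes them all at once. Caveat: this also discards the
# "Previous Versions" file history kept in the same shadows.
function Clear-RestorePoints {
    vssadmin delete shadows "/for=$env:SystemDrive" /all /quiet
}

# One clean restore point after the cleanup (the description is an assumption).
function New-CleanRestorePoint {
    Checkpoint-Computer -Description 'Clean after malware removal' `
                        -RestorePointCreationType MODIFY_SETTINGS
}

# Step 3: pending updates via the Windows Update Agent COM API
# (requires the wuauserv service to be running).
function Get-PendingUpdateTitles {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) { $u.Title }
}

Write-Output 'Restore points before:'
Show-RestorePoints
Clear-RestorePoints
New-CleanRestorePoint
Write-Output 'Restore points after:'
Show-RestorePoints

$pending = @(Get-PendingUpdateTitles)
Write-Output ("Pending Windows updates: {0}" -f $pending.Count)
$pending
```

    If Get-ComputerRestorePoint still lists old entries after Clear-RestorePoints, System Restore is keeping them on a drive other than the system drive; run the vssadmin command again with that drive letter.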
  22. hanz99

    hanz99 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TEST
    ->Temp folder emptied: 55506 bytes
    ->Temporary Internet Files folder emptied: 1077579 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53799432 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2514 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEST
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: TEST
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 01162012_185058

    Files\Folders moved on Reboot...
    C:\Users\TEST\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  23. hanz99

    hanz99 TS Rookie Topic Starter

    Can I delete MBR.dat?

    Thanks for your help.


    Hanz (Bill)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Yes.

    Good luck and stay safe :)
     
