TechSpot

Google Redirect + More?

By brianleonard
Aug 26, 2011
  1. Hello. I have been experiencing trouble with my laptop recently. With school starting I'd like to make sure I have my computer clean and free of problems. I have had my Google links being redirected to some unwanted third-party sites.

    I have tried antimalware programs but to no avail and I'd like help with this problem as well as any other problems you can detect.

    Thank you so much for your help in advance and I appreciate it.


    The requested logs are as follows:


    ---------------------------------------------------
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7573

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/25/2011 11:08:11 PM
    mbam-log-2011-08-25 (23-08-11).txt

    Scan type: Quick scan
    Objects scanned: 177911
    Time elapsed: 8 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Vishal\AppData\Local\Temp\thpm8817987130720960027.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

    -------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-25 23:54:16
    Windows 6.1.7600
    Running: 01lcj7qe.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a167774e
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a167774e (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    -----------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Run by Vishal at 0:01:06 on 2011-08-26
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4020.2257 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
    C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai7
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\dleacoms.exe
    C:\Program Files (x86)\OSD\OSD_Service.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AlienRespawn\Toaster.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\OSD\OSD_Main.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
    C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.alienware.com/
    uDefault_Page_URL = hxxp://www.alienware.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:53657
    mWinlogon: Userinit=userinit.exe,
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [conhost] C:\Users\Vishal\AppData\Roaming\Microsoft\conhost.exe
    mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun: [FAStartup]
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
    mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
    mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\AlienRespawn\toasterLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1D3C5D2E-3321-42E1-88F5-74FD6EA9BC27} : DhcpNameServer = 68.87.72.134 68.87.77.134
    TCP: Interfaces\{6E82540B-0CA1-4C44-A34D-0EEABA287ED1} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{6E82540B-0CA1-4C44-A34D-0EEABA287ED1}\2656C6B696E6E2369383 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{6E82540B-0CA1-4C44-A34D-0EEABA287ED1}\7443F4F423 : DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{6E82540B-0CA1-4C44-A34D-0EEABA287ED1}\E444D2375636572756 : DhcpNameServer = 66.205.160.99 129.74.250.99
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    BHO-X64: DVDVideoSoftTB - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO-X64: SSOIEAddonBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun-x64: [FAStartup]
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
    mRun-x64: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
    mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\AlienRespawn\toasterLauncher.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ioatdma;Intel(R) QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/08/10 12:48:50];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2010-6-24 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
    R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-25 366640]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-8-10 689472]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-23 1831024]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-12-20 602872]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-14 136824]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-7-26 14544]
    S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-9-1 33448]
    S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
    S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
    S3 cm_net;C-motech USB Network Adapter Drivers;C:\Windows\system32\DRIVERS\cm_net.sys --> C:\Windows\system32\DRIVERS\cm_net.sys [?]
    S3 cm_ser;C-motech USB Serial Port Driver;C:\Windows\system32\DRIVERS\cm_ser.sys --> C:\Windows\system32\DRIVERS\cm_ser.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]
    S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
    S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
    S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
    S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-26 02:52:30 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-26 02:52:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-08-25 03:47:12 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
    2011-08-24 18:57:57 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-24 18:57:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-23 00:42:18 -------- d-----w- C:\Users\Vishal\AppData\Local\Cisco
    2011-08-23 00:40:11 -------- d-----w- C:\Program Files (x86)\Cisco
    2011-08-23 00:40:09 -------- d-----w- C:\ProgramData\Cisco
    2011-08-22 13:37:12 -------- d-----w- C:\Users\Vishal\AppData\Roaming\Xerox
    2011-08-22 13:26:31 -------- d-----w- C:\ProgramData\Xerox
    2011-08-22 13:25:32 40448 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5pp.dll
    2011-08-22 13:25:31 11776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5print.dll
    2011-08-18 20:13:22 -------- d-----w- C:\ProgramData\Affinegy
    2011-08-18 18:24:49 -------- d-----w- C:\Program Files (x86)\Belkin
    2011-08-18 18:06:22 -------- d-----w- C:\Users\Vishal\AppData\Local\SupportSoft
    2011-08-18 18:04:45 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
    2011-08-18 18:04:45 -------- d-----w- C:\Program Files (x86)\ComcastUI
    2011-08-17 17:27:37 -------- d-----w- C:\Users\Vishal\AppData\Local\Sprint
    2011-08-17 16:56:01 133120 ----a-w- C:\Windows\System32\drivers\cm_netamd.sys
    2011-08-17 16:56:01 133120 ----a-w- C:\Windows\System32\drivers\cm_net.sys
    2011-08-17 16:55:57 118272 ----a-w- C:\Windows\System32\drivers\cm_seramd.sys
    2011-08-17 16:55:57 118272 ----a-w- C:\Windows\System32\drivers\cm_ser.sys
    2011-08-17 16:51:41 47104 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
    2011-08-17 16:51:41 -------- d-----w- C:\Users\Vishal\AppData\Roaming\Sierra Wireless
    2011-08-17 16:49:53 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
    2011-08-17 16:46:12 -------- d-----w- C:\Program Files (x86)\Sierra Wireless
    2011-08-17 16:45:52 -------- d-----w- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
    2011-08-17 16:45:39 -------- d-----w- C:\Program Files\Novatel Wireless
    2011-08-17 16:45:14 -------- d-----w- C:\ProgramData\Sprint
    2011-08-17 16:45:14 -------- d-----w- C:\Program Files (x86)\Sprint
    2011-08-17 16:45:14 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
    2011-08-15 06:38:55 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-08-15 06:28:52 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-08-15 06:28:49 -------- d-----w- C:\Program Files\Hitman Pro 3.5
    2011-08-15 06:28:15 -------- d-----w- C:\ProgramData\Hitman Pro
    2011-08-10 22:02:59 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-08-10 22:01:59 673040 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2011-08-07 08:28:56 380928 ----a-w- C:\Windows\System32\ac3filter.acm
    2011-08-07 08:28:55 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2011-08-07 08:09:14 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-08-06 07:03:18 -------- d-----w- C:\Users\Vishal\AppData\Roaming\Malwarebytes
    2011-08-06 07:03:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-08-06 07:03:04 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ==================== Find3M ====================
    .
    2011-08-22 02:55:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-19 16:08:59 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-23 20:25:10 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
    2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 0:01:28.90 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/19/2010 11:23:38 AM
    System Uptime: 8/25/2011 11:10:14 PM (1 hours ago)
    .
    Motherboard: Alienware | |
    Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2502/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 42.685 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP112: 8/23/2011 9:44:59 PM - Removed Microsoft Silverlight
    RP113: 8/25/2011 3:00:12 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    AC3Filter (remove only)
    Accidental Damage Services Agreement
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Adobe Shockwave Player 11.5
    Advertising Center
    Akamai NetSession Interface
    AlienRespawn
    AlienRespawn - Support Software
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Banctec Service Agreement
    Belkin Setup and Router Monitor
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Cisco AnyConnect VPN Client
    Comcast Desktop Software (v1.2.0.9)
    Command Center
    Compatibility Pack for the 2007 Office system
    CyberLink PowerDVD 8
    CyberLink YouCam
    Dell Toolbar
    DivX Web Player
    DVDVideoSoftTB Toolbar
    Free Audio CD Burner version 1.4.7
    Free YouTube to MP3 Converter version 3.10.8.815
    ImagXpress
    InstallVC90Support
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 21
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Age of Empires II
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.20)
    Mozilla Firefox 7.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero StartSmart
    Nero StartSmart Help
    NeroExpress
    neroxml
    ooVoo
    OSD Setup
    Pando Media Booster
    Pharos
    QuickTime
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    RMVB Player 1.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Skins
    Skype Toolbars
    Skype™ 5.3
    Spelling Dictionaries Support For Adobe Reader 9
    Star Wars Republic Commando
    Stardock MyColors
    System Requirements Lab CYRI
    Uninstall 1.0.0.1
    VC80CRTRedist - 8.0.50727.762
    Veetle TV 0.9.18
    VLC media player 1.1.10
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/25/2011 11:13:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
    8/25/2011 11:13:08 PM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/25/2011 11:13:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
    8/25/2011 11:13:04 PM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/24/2011 6:14:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    8/24/2011 6:13:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    8/24/2011 6:13:54 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/24/2011 6:13:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    8/24/2011 6:12:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    8/24/2011 6:11:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    8/19/2011 6:56:44 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. brianleonard

    brianleonard TS Rookie Topic Starter

    Thank You for your help

    Here are the two logs:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-26 00:40:41
    -----------------------------
    00:40:41.858 OS Version: Windows x64 6.1.7600
    00:40:41.858 Number of processors: 4 586 0x2502
    00:40:41.858 ComputerName: VISHAL-PC UserName: Vishal
    00:40:50.828 Initialize success
    00:41:06.569 AVAST engine defs: 11082501
    00:41:12.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    00:41:12.091 Disk 0 Vendor: ST932042 D005 Size: 305245MB BusType: 3
    00:41:12.107 Disk 0 MBR read successfully
    00:41:12.122 Disk 0 MBR scan
    00:41:12.200 Disk 0 Windows VISTA default MBR code
    00:41:12.200 Service scanning
    00:41:15.008 Modules scanning
    00:41:15.008 Disk 0 trace - called modules:
    00:41:15.055 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    00:41:15.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c4b060]
    00:41:15.133 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d1050]
    00:41:17.832 AVAST engine scan C:\Windows
    00:41:22.387 AVAST engine scan C:\Windows\system32
    00:43:22.398 AVAST engine scan C:\Windows\system32\drivers
    00:43:35.861 AVAST engine scan C:\Users\Vishal
    00:58:15.858 Disk 0 MBR has been saved successfully to "C:\Users\Vishal\Desktop\MBR.dat"
    00:58:15.936 The log file has been saved successfully to "C:\Users\Vishal\Desktop\aswMBR.txt"
    -----------------------------------------------------

    ComboFix 11-08-25.05 - Vishal 08/26/2011 1:14.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4020.2529 [GMT -4:00]
    Running from: c:\users\Vishal\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Vishal\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\users\Vishal\AppData\Local\Temp\48E2.tmp
    c:\users\Vishal\AppData\Local\Temp\69E9.tmp
    c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}
    c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\chrome.manifest
    c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\chrome\xulcache.jar
    c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\defaults\preferences\xulcache.js
    c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\install.rdf
    c:\users\Vishal\AppData\Roaming\PriceGong
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\1.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\7031.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\a.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\b.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\c.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\d.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\e.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\f.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\g.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\h.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\i.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\j.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\k.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\l.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\m.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\mru.xml
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\n.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\o.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\p.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\q.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\r.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\s.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\t.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\u.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\v.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\w.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\wlu.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\x.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\y.txt
    c:\users\Vishal\AppData\Roaming\PriceGong\Data\z.txt
    c:\users\Vishal\Documents\~WRL1996.tmp
    c:\windows\system32\drivers\etc\lmhosts
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-26 05:20 . 2011-08-26 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-26 02:52 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-26 02:52 . 2011-08-26 02:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-25 03:47 . 2011-08-25 03:47 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2011-08-24 18:57 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 18:57 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-24 02:29 . 2011-08-24 02:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-08-23 00:42 . 2011-08-23 00:42 -------- d-----w- c:\users\Vishal\AppData\Local\Cisco
    2011-08-23 00:40 . 2011-08-23 00:40 -------- d-----w- c:\program files (x86)\Cisco
    2011-08-23 00:40 . 2011-08-23 00:40 -------- d-----w- c:\programdata\Cisco
    2011-08-22 13:37 . 2011-08-22 13:37 -------- d-----w- c:\users\Vishal\AppData\Roaming\Xerox
    2011-08-22 13:26 . 2011-08-22 13:26 -------- d-----w- c:\programdata\Xerox
    2011-08-22 13:25 . 2011-08-22 13:25 40448 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5pp.dll
    2011-08-22 13:25 . 2011-08-22 13:25 11776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5print.dll
    2011-08-18 20:13 . 2011-08-18 20:13 -------- d-----w- c:\programdata\Affinegy
    2011-08-18 18:24 . 2011-08-18 18:24 -------- d-----w- c:\program files (x86)\Belkin
    2011-08-18 18:06 . 2011-08-18 18:06 -------- d-----w- c:\users\Vishal\AppData\Local\SupportSoft
    2011-08-18 18:04 . 2011-08-18 18:04 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft
    2011-08-18 18:04 . 2011-08-18 18:04 -------- d-----w- c:\program files (x86)\ComcastUI
    2011-08-17 17:27 . 2011-08-17 17:27 -------- d-----w- c:\users\Vishal\AppData\Local\Sprint
    2011-08-17 16:56 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
    2011-08-17 16:56 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_net.sys
    2011-08-17 16:55 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
    2011-08-17 16:55 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_ser.sys
    2011-08-17 16:51 . 2011-08-17 16:51 -------- d-----w- c:\users\Vishal\AppData\Roaming\Sierra Wireless
    2011-08-17 16:51 . 2010-12-15 18:38 47104 ----a-w- c:\windows\system32\drivers\swmsflt.sys
    2011-08-17 16:49 . 2010-01-11 18:11 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
    2011-08-17 16:46 . 2011-08-17 16:46 -------- d-----w- c:\program files (x86)\Sierra Wireless
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files\Novatel Wireless
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\programdata\Sprint
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Sprint
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Novatel Wireless
    2011-08-15 06:38 . 2011-08-15 06:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-08-15 06:28 . 2011-08-15 06:28 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-15 06:28 . 2011-08-15 06:28 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-15 06:28 . 2011-08-15 06:38 -------- d-----w- c:\programdata\Hitman Pro
    2011-08-10 22:02 . 2011-07-16 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-08-10 22:01 . 2011-06-21 05:37 673040 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2011-08-07 08:28 . 2007-08-18 07:54 380928 ----a-w- c:\windows\system32\ac3filter.acm
    2011-08-07 08:28 . 2011-08-07 08:28 -------- d-----w- c:\program files (x86)\AC3Filter
    2011-08-07 08:09 . 2011-08-07 08:09 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-08-06 07:03 . 2011-08-06 07:03 -------- d-----w- c:\users\Vishal\AppData\Roaming\Malwarebytes
    2011-08-06 07:03 . 2011-08-06 07:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-06 07:03 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-22 02:55 . 2011-05-25 04:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-19 16:08 . 2011-07-19 16:08 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
    2011-07-16 04:32 . 2011-08-10 22:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-06-23 20:25 . 2010-10-05 04:35 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2011-06-11 02:56 . 2011-07-15 05:21 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2010-10-31 19071672]
    "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-28 75048]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
    "RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
    R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
    R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
    R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
    R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
    R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
    R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
    R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/08/10 12:48];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 04:28 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2010-08-20 689472]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-12-20 602872]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-14 136824]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WINRING0_1_2_0
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    "dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
    "combofix"="c:\combofix\CF15326.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.alienware.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:53657
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-conhost - c:\users\Vishal\AppData\Roaming\Microsoft\conhost.exe
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    SafeBoot-Symantec Antvirus
    Toolbar-Locked - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-(Default) - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
    AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\progra~2\PHAROS~1\Core\CTskMstr.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    c:\program files (x86)\OSD\OSD_Main.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
    c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-26 01:28:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-26 05:28
    .
    Pre-Run: 49,617,645,568 bytes free
    Post-Run: 50,741,321,728 bytes free
    .
    - - End Of File - - 9A16CA4E084108106EFEEC8282393B55
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    How is redirection?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:53657
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
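
Added example (not part of the post above and not ComboFix's own code): a Python check for the setting listed under `DDS::` in the CFScript, a WinINET `ProxyServer` value that points at the local machine. The two log excerpts are constructed from the Supplementary Scan lines posted in this thread (the entry is present in the first ComboFix log and absent from the one posted after the script was run); all function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts, shaped like the "Supplementary Scan" sections of the
# two ComboFix logs in this thread (before and after the CFScript run).
LOG_BEFORE = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:53657
TCP: DhcpNameServer = 192.168.2.1
"""

LOG_AFTER = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
"""

# "<prefix>Internet Settings,ProxyServer = <value>" as printed in the log.
PROXY_LINE = re.compile(
    r"^\s*([a-z])Internet Settings,ProxyServer\s*=\s*(.+?)\s*$", re.I | re.M
)
# Optional scheme, then a bracketed IPv6 literal or a host name, optional port.
TARGET = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(\[[^\]]+\]|[^:/\s]+)(?::(\d+))?/?$", re.I
)


def parse_proxy_server(value):
    """Split a ProxyServer string into (protocol, host, port) tuples.

    Handles both forms the setting can take: a single "host:port" used for
    every protocol, and a semicolon-separated "proto=host:port" list.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:  # bare "host:port" applies to all protocols
            proto, target = "all", part
        match = TARGET.match(target.strip())
        if match is None:  # keep unparsable targets visible to the analyst
            entries.append((proto.strip().lower(), target.strip(), None))
            continue
        host = match.group(1).strip("[]")
        port = int(match.group(2)) if match.group(2) else None
        entries.append((proto.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for localhost names and for any address in 127.0.0.0/8 or ::1."""
    host = host.strip("[]").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # an ordinary host name, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (prefix, protocol, host, port) for each loopback proxy entry."""
    hits = []
    for prefix, value in PROXY_LINE.findall(log_text):
        for proto, host, port in parse_proxy_server(value):
            if is_loopback(host):
                hits.append((prefix, proto, host, port))
    return hits


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        hits = find_loopback_proxies(log)
        print(label, "->", hits if hits else "no loopback proxy configured")
```

A loopback proxy entry is not malicious by itself, since local filtering and debugging proxies use the same setting; what matters is which process is listening on the reported port.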
     
  5. brianleonard

    brianleonard TS Rookie Topic Starter

    I followed your instructions, and here is the log (I did say yes when combofix asked for update)

    ComboFix 11-08-26.04 - Vishal 08/26/2011 17:03:29.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4020.2722 [GMT -4:00]
    Running from: c:\users\Vishal\Desktop\ComboFix.exe
    Command switches used :: c:\users\Vishal\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Vishal\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-26 21:08 . 2011-08-26 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-26 02:52 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-26 02:52 . 2011-08-26 02:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-25 03:47 . 2011-08-25 03:47 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2011-08-24 18:57 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 18:57 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-24 02:29 . 2011-08-24 02:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-08-23 00:42 . 2011-08-23 00:42 -------- d-----w- c:\users\Vishal\AppData\Local\Cisco
    2011-08-23 00:40 . 2011-08-23 00:40 -------- d-----w- c:\program files (x86)\Cisco
    2011-08-23 00:40 . 2011-08-23 00:40 -------- d-----w- c:\programdata\Cisco
    2011-08-22 13:37 . 2011-08-22 13:37 -------- d-----w- c:\users\Vishal\AppData\Roaming\Xerox
    2011-08-22 13:26 . 2011-08-22 13:26 -------- d-----w- c:\programdata\Xerox
    2011-08-22 13:25 . 2011-08-22 13:25 40448 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5pp.dll
    2011-08-22 13:25 . 2011-08-22 13:25 11776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5print.dll
    2011-08-18 20:13 . 2011-08-18 20:13 -------- d-----w- c:\programdata\Affinegy
    2011-08-18 18:24 . 2011-08-18 18:24 -------- d-----w- c:\program files (x86)\Belkin
    2011-08-18 18:06 . 2011-08-18 18:06 -------- d-----w- c:\users\Vishal\AppData\Local\SupportSoft
    2011-08-18 18:04 . 2011-08-18 18:04 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft
    2011-08-18 18:04 . 2011-08-18 18:04 -------- d-----w- c:\program files (x86)\ComcastUI
    2011-08-17 17:27 . 2011-08-17 17:27 -------- d-----w- c:\users\Vishal\AppData\Local\Sprint
    2011-08-17 16:56 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
    2011-08-17 16:56 . 2008-05-29 18:53 133120 ----a-w- c:\windows\system32\drivers\cm_net.sys
    2011-08-17 16:55 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
    2011-08-17 16:55 . 2008-05-29 18:53 118272 ----a-w- c:\windows\system32\drivers\cm_ser.sys
    2011-08-17 16:51 . 2011-08-17 16:51 -------- d-----w- c:\users\Vishal\AppData\Roaming\Sierra Wireless
    2011-08-17 16:51 . 2010-12-15 18:38 47104 ----a-w- c:\windows\system32\drivers\swmsflt.sys
    2011-08-17 16:49 . 2010-01-11 18:11 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
    2011-08-17 16:46 . 2011-08-17 16:46 -------- d-----w- c:\program files (x86)\Sierra Wireless
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files\Novatel Wireless
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\programdata\Sprint
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Sprint
    2011-08-17 16:45 . 2011-08-17 16:45 -------- d-----w- c:\program files (x86)\Novatel Wireless
    2011-08-15 06:38 . 2011-08-15 06:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-08-15 06:28 . 2011-08-15 06:28 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-15 06:28 . 2011-08-15 06:28 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-15 06:28 . 2011-08-15 06:38 -------- d-----w- c:\programdata\Hitman Pro
    2011-08-10 22:02 . 2011-07-16 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-08-10 22:01 . 2011-06-21 05:37 673040 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2011-08-07 08:28 . 2007-08-18 07:54 380928 ----a-w- c:\windows\system32\ac3filter.acm
    2011-08-07 08:28 . 2011-08-07 08:28 -------- d-----w- c:\program files (x86)\AC3Filter
    2011-08-07 08:09 . 2011-08-07 08:09 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-08-06 07:03 . 2011-08-06 07:03 -------- d-----w- c:\users\Vishal\AppData\Roaming\Malwarebytes
    2011-08-06 07:03 . 2011-08-06 07:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-06 07:03 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-22 02:55 . 2011-05-25 04:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-19 16:08 . 2011-07-19 16:08 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
    2011-07-16 04:32 . 2011-08-10 22:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-06-23 20:25 . 2010-10-05 04:35 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2011-06-11 02:56 . 2011-07-15 05:21 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-26_05.24.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-08-26 05:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-26 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-08-26 05:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-26 21:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-26 05:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-26 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-10 17:45 . 2011-08-26 21:14 42706 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-08-26 05:25 32602 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-26 21:14 32602 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-19 15:33 . 2011-08-26 21:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-19 15:33 . 2011-08-26 05:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-19 15:33 . 2011-08-26 05:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-08-19 15:33 . 2011-08-26 21:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-26 05:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-26 21:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-03 18:26 . 2011-08-26 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-03 18:26 . 2011-08-26 05:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-03 18:26 . 2011-08-26 05:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-03 18:26 . 2011-08-26 21:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-07-03 18:27 . 2011-08-26 05:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-03 18:27 . 2011-08-26 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-21 20:16 . 2011-08-26 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-21 20:16 . 2011-08-26 05:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-21 20:16 . 2011-08-26 05:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-21 20:16 . 2011-08-26 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-26 05:22 . 2011-08-26 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-26 21:11 . 2011-08-26 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-26 21:11 . 2011-08-26 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-26 05:22 . 2011-08-26 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-19 15:40 . 2011-08-26 18:41 301574 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-08-26 21:08 382472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-26 05:20 382472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2011-08-26 06:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-08-26 02:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2010-08-22 15:58 . 2011-08-26 05:20 32001320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-910827798-39462071-944209406-1000-8192.dat
    + 2010-08-22 15:58 . 2011-08-26 21:09 32001320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-910827798-39462071-944209406-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2010-10-31 19071672]
    "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-28 75048]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
    "RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "FAStartup"="" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
    Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
    R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
    R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
    R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
    R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
    R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
    R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
    R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/08/10 12:48];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 04:28 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
    S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2010-08-20 689472]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-12-20 602872]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-14 136824]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WINRING0_1_2_0
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    "dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.alienware.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Test Pilot: testpilot@labs.mozilla.com - %profile%\extensions\testpilot@labs.mozilla.com
    FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\progra~2\PHAROS~1\Core\CTskMstr.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    c:\program files (x86)\OSD\OSD_Main.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
    c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-26 17:16:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-26 21:16
    ComboFix2.txt 2011-08-26 05:28
    .
    Pre-Run: 49,592,778,752 bytes free
    Post-Run: 49,313,808,384 bytes free
    .
    - - End Of File - - D9F9E41856BA05DB3BA89D2C8837F554
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're not saying:
     
  7. brianleonard

    brianleonard TS Rookie Topic Starter

    Oh I'm sorry, I missed that. The redirection hasn't happened all day so I'm incredibly happy, but I don't want to jinx it before you give me the all clear.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Very well :)

    We'll run a couple more scans, just to make sure....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. brianleonard

    brianleonard TS Rookie Topic Starter

    OTL.txt (2 parts because it does not fit in one post):

    OTL logfile created on: 8/26/2011 6:05:09 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Vishal\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.76% Memory free
    7.85 Gb Paging File | 6.17 Gb Available in Paging File | 78.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 45.99 Gb Free Space | 16.23% Space Free | Partition Type: NTFS

    Computer Name: VISHAL-PC | User Name: Vishal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/26 18:04:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Vishal\Downloads\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    PRC - [2010/12/22 21:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
    PRC - [2010/12/20 11:57:04 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2010/12/15 14:54:46 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
    PRC - [2010/12/15 14:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
    PRC - [2010/12/15 14:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
    PRC - [2010/10/31 14:39:40 | 019,071,672 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
    PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
    PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    PRC - [2010/05/21 15:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    PRC - [2010/05/21 15:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/04/04 14:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    PRC - [2010/04/04 14:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    PRC - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/01/18 13:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
    PRC - [2010/01/18 13:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
    PRC - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    PRC - [2010/01/04 15:10:00 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD_Service.exe
    PRC - [2010/01/04 12:15:10 | 000,086,016 | ---- | M] (Microsoft) -- C:\Program Files (x86)\OSD\OSD_Main.exe
    PRC - [2009/10/13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/04/28 11:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/12 15:52:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll
    MOD - [2011/08/12 15:52:00 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
    MOD - [2011/08/11 22:58:55 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
    MOD - [2011/08/11 22:58:21 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
    MOD - [2011/08/11 22:57:30 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
    MOD - [2011/08/11 22:57:00 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
    MOD - [2011/08/11 22:56:49 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
    MOD - [2011/08/11 22:56:11 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
    MOD - [2011/08/11 22:55:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
    MOD - [2011/08/11 22:55:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
    MOD - [2011/08/11 22:55:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
    MOD - [2011/08/11 22:55:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
    MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
    MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
    MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
    MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
    MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
    MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
    MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    MOD - [2010/12/15 14:55:28 | 000,120,128 | ---- | M] () -- C:\Program Files (x86)\Sprint\Sprint SmartView\Pac.dll
    MOD - [2010/12/15 14:54:56 | 000,070,976 | ---- | M] () -- C:\Program Files (x86)\Sprint\Sprint SmartView\Eap.dll
    MOD - [2010/08/10 13:41:20 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
    MOD - [2010/08/10 13:41:20 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
    MOD - [2010/08/10 13:41:20 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
    MOD - [2010/08/10 13:41:20 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
    MOD - [2010/08/10 13:41:20 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
    MOD - [2010/08/10 13:41:20 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
    MOD - [2010/08/10 13:41:20 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
    MOD - [2010/08/10 13:41:20 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
    MOD - [2010/08/10 13:41:20 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
    MOD - [2010/08/10 13:41:20 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
    MOD - [2010/08/10 13:41:20 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
    MOD - [2010/08/10 13:41:20 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
    MOD - [2010/08/10 13:41:19 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
    MOD - [2010/08/10 13:41:19 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
    MOD - [2010/08/10 13:41:19 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
    MOD - [2010/08/10 13:41:19 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
    MOD - [2010/08/10 13:41:19 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
    MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
    MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
    MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
    MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
    MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
    MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
    MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll
    MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/04/04 14:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
    MOD - [2010/04/04 14:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2010/04/04 14:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2010/01/18 13:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
    MOD - [2010/01/18 13:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
    MOD - [2009/12/16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll
    MOD - [2009/12/16 13:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
    MOD - [2009/11/26 04:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll
    MOD - [2009/06/22 09:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll
    MOD - [2009/06/22 09:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
    MOD - [2009/06/22 09:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll
    MOD - [2009/06/22 09:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll
    MOD - [2009/06/22 09:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
    MOD - [2009/06/22 09:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll
    MOD - [2009/06/22 09:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll
    MOD - [2009/06/22 09:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll
    MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
    MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
    MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
    MOD - [2009/03/05 13:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
    MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
    MOD - [2009/02/20 04:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsmr.dll
    MOD - [2009/02/20 04:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsm.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/21 11:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
    SRV:64bit: - [2010/03/04 09:20:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/01/07 17:09:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
    SRV:64bit: - [2010/01/07 17:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
    SRV:64bit: - [2009/09/15 15:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
    SRV - [2011/08/02 22:49:49 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2010/12/22 21:25:46 | 000,339,456 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
    SRV - [2010/12/20 11:57:04 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/12/15 14:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
    SRV - [2010/12/15 14:54:30 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
    SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
    SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/04/16 21:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
    SRV - [2010/01/07 17:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dleacoms.exe -- (dlea_device)
    SRV - [2010/01/04 15:10:00 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
    SRV - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/09 10:56:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/06/23 16:25:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/20 11:43:42 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2010/12/15 14:38:22 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2010/12/15 14:35:56 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
    DRV:64bit: - [2010/10/05 00:34:06 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/08/10 16:16:30 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/04/16 21:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
    DRV:64bit: - [2010/03/26 20:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
    DRV:64bit: - [2010/03/26 20:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2010/03/04 09:20:58 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/04 09:20:56 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/03/04 09:20:56 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
    DRV:64bit: - [2009/12/09 21:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
    DRV:64bit: - [2009/12/02 03:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/10/23 01:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/13 01:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
    DRV:64bit: - [2009/09/15 15:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 15:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
    DRV:64bit: - [2009/07/13 15:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/07/13 15:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel(R)
    DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2008/10/03 16:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/09/24 22:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2008/05/29 14:53:26 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_net.sys -- (cm_net)
    DRV:64bit: - [2008/05/29 14:53:26 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_ser.sys -- (cm_ser)
    DRV:64bit: - [2008/03/03 19:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/04/11 10:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
    DRV:64bit: - [2007/04/11 10:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/08/18 04:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110825.018\EX64.SYS -- (NAVEX15)
    DRV - [2011/08/18 04:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/08/18 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110825.018\ENG64.SYS -- (NAVENG)
    DRV - [2011/08/14 04:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/04/16 00:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/08/10 12:48:50] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2008/07/26 05:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\OSD\WinRing0x64.sys -- (WinRing0_1_2_0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BE BB 06 09 B3 8A 60 44 AA CA C5 F5 29 53 2D FF [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BE BB 06 09 B3 8A 60 44 AA CA C5 F5 29 53 2D FF [binary data]

    IE - HKU\S-1-5-21-910827798-39462071-944209406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
    IE - HKU\S-1-5-21-910827798-39462071-944209406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
    IE - HKU\S-1-5-21-910827798-39462071-944209406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-910827798-39462071-944209406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}:1.0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/21 13:48:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/21 13:48:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/08/20 11:07:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2011/08/07 04:22:55 | 000,000,000 | ---D | M]

    [2010/08/19 13:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vishal\AppData\Roaming\Mozilla\Extensions
    [2011/08/26 17:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions
    [2011/08/04 02:00:19 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\testpilot@labs.mozilla.com
    [2010/09/26 16:25:25 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\vshare@toolbar
    [2011/01/07 12:40:05 | 000,002,698 | ---- | M] () -- C:\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\searchplugins\twitter.xml
    [2010/08/31 22:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/28 14:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/21 20:50:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File not found (No name found) --
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/08/26 17:12:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
    O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-910827798-39462071-944209406-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe (HH)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
    O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-910827798-39462071-944209406-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-910827798-39462071-944209406-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
     
  10. brianleonard

    brianleonard TS Rookie Topic Starter

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-910827798-39462071-944209406-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-910827798-39462071-944209406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - File not found
    O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3filter - ac3filter.acm File not found
    Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/26 17:13:04 | 000,000,000 | R--D | C] -- C:\Users\Vishal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
    [2011/08/26 17:12:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/26 01:13:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/26 01:13:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/26 01:13:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/26 01:13:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/08/26 01:09:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/26 01:07:21 | 004,184,273 | R--- | C] (Swearware) -- C:\Users\Vishal\Desktop\ComboFix.exe
    [2011/08/25 22:52:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/08/25 22:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/25 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/08/24 23:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    [2011/08/24 23:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
    [2011/08/23 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/08/23 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/08/22 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Local\Cisco
    [2011/08/22 20:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
    [2011/08/22 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
    [2011/08/22 20:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
    [2011/08/22 09:37:12 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Roaming\Xerox
    [2011/08/22 09:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
    [2011/08/18 16:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
    [2011/08/18 14:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
    [2011/08/18 14:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
    [2011/08/18 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Local\SupportSoft
    [2011/08/18 14:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
    [2011/08/18 14:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI
    [2011/08/18 12:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/08/17 13:27:37 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Local\Sprint
    [2011/08/17 12:56:01 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys
    [2011/08/17 12:56:01 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net.sys
    [2011/08/17 12:55:57 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys
    [2011/08/17 12:55:57 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_ser.sys
    [2011/08/17 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Roaming\Sierra Wireless
    [2011/08/17 12:49:53 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
    [2011/08/17 12:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sprint
    [2011/08/17 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless
    [2011/08/17 12:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
    [2011/08/17 12:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
    [2011/08/17 12:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sprint
    [2011/08/17 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sprint
    [2011/08/17 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novatel Wireless
    [2011/08/15 02:38:55 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2011/08/15 02:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/08/15 02:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/08/07 04:28:56 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2011/08/07 04:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2011/08/07 04:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
    [2011/08/07 04:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
    [2011/08/07 04:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2011/08/06 03:03:18 | 000,000,000 | ---D | C] -- C:\Users\Vishal\AppData\Roaming\Malwarebytes
    [2011/08/06 03:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/08/06 03:03:04 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/08/01 20:50:39 | 000,000,000 | R--D | C] -- C:\Users\Vishal\Searches
    [2010/09/01 20:28:46 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
    [2010/09/01 20:28:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
    [2010/09/01 20:28:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
    [2010/09/01 20:28:44 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
    [2010/09/01 20:28:43 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
    [2010/09/01 20:28:43 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
    [2010/09/01 20:28:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
    [2010/09/01 20:28:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
    [2010/09/01 20:28:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
    [2010/09/01 20:28:41 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
    [2010/09/01 20:28:41 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
    [2010/09/01 20:28:40 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/26 17:20:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/26 17:20:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/26 17:12:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/08/26 17:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/26 17:10:17 | 3161,841,664 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/26 17:02:19 | 004,184,273 | R--- | M] (Swearware) -- C:\Users\Vishal\Desktop\ComboFix.exe
    [2011/08/26 00:58:15 | 000,000,512 | ---- | M] () -- C:\Users\Vishal\Desktop\MBR.dat
    [2011/08/26 00:38:48 | 569,952,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/08/25 22:46:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/08/25 22:46:24 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/08/25 22:46:24 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/08/23 21:52:16 | 000,013,076 | ---- | M] () -- C:\Users\Vishal\AppData\Roaming\ED0E.14E
    [2011/08/20 11:08:44 | 000,002,149 | ---- | M] () -- C:\Users\Vishal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/08/18 14:06:23 | 000,000,199 | ---- | M] () -- C:\Users\Vishal\Desktop\Comcast Email.url
    [2011/08/18 14:06:23 | 000,000,193 | ---- | M] () -- C:\Users\Vishal\Desktop\Comcast Security.url
    [2011/08/18 14:04:48 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
    [2011/08/18 12:24:12 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/08/17 12:52:08 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/08/17 12:48:35 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Sprint SmartView.lnk
    [2011/08/15 03:05:27 | 000,000,035 | ---- | M] () -- C:\Users\Vishal\jagex_runescape_preferences.dat
    [2011/08/15 03:04:31 | 000,000,129 | ---- | M] () -- C:\Users\Vishal\jagex_runescape_preferences2.dat
    [2011/08/15 02:38:55 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2011/08/15 02:28:52 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2011/08/11 03:17:32 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2011/08/07 04:22:50 | 000,001,611 | ---- | M] () -- C:\Users\Vishal\Desktop\DivX Movies.lnk
    [2011/07/29 10:19:18 | 000,032,768 | ---- | M] () -- C:\Users\Vishal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/26 01:13:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/26 01:13:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/26 01:13:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/26 01:13:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/26 01:13:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/26 00:58:15 | 000,000,512 | ---- | C] () -- C:\Users\Vishal\Desktop\MBR.dat
    [2011/08/23 20:45:42 | 000,013,076 | ---- | C] () -- C:\Users\Vishal\AppData\Roaming\ED0E.14E
    [2011/08/18 14:06:23 | 000,000,199 | ---- | C] () -- C:\Users\Vishal\Desktop\Comcast Email.url
    [2011/08/18 14:06:23 | 000,000,193 | ---- | C] () -- C:\Users\Vishal\Desktop\Comcast Security.url
    [2011/08/18 14:04:48 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
    [2011/08/18 12:24:12 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/08/17 12:52:45 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
    [2011/08/17 12:52:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/08/17 12:51:41 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\drivers\swmsflt.sys
    [2011/08/17 12:48:35 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Sprint SmartView.lnk
    [2011/08/15 02:58:21 | 000,000,129 | ---- | C] () -- C:\Users\Vishal\jagex_runescape_preferences2.dat
    [2011/08/15 02:56:25 | 000,000,035 | ---- | C] () -- C:\Users\Vishal\jagex_runescape_preferences.dat
    [2011/08/15 02:28:52 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2011/08/11 03:17:32 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2011/08/07 04:28:56 | 000,380,928 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
    [2011/08/07 04:09:14 | 000,001,611 | ---- | C] () -- C:\Users\Vishal\Desktop\DivX Movies.lnk
    [2011/07/06 07:02:34 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/07/06 06:43:02 | 000,000,522 | ---- | C] () -- C:\Windows\hegames.ini
    [2010/10/09 00:10:02 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2010/10/05 00:25:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/09/01 20:28:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
    [2010/09/01 20:28:47 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
    [2010/09/01 20:28:46 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
    [2010/09/01 20:28:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
    [2010/09/01 20:28:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
    [2010/09/01 20:28:45 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
    [2010/09/01 20:28:45 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
    [2010/09/01 20:28:44 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
    [2010/09/01 20:28:44 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
    [2010/09/01 20:28:40 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
    [2010/09/01 20:27:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
    [2010/09/01 20:27:07 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
    [2010/08/31 22:55:29 | 000,032,768 | ---- | C] () -- C:\Users\Vishal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/19 13:42:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/10 15:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/24 12:32:16 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/05/21 15:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
    [2010/04/04 14:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2010/04/04 14:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2010/04/04 14:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/06/09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
    [1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/02/09 05:15:33 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\DAEMON Tools Lite
    [2011/08/24 23:47:48 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\DVDVideoSoft
    [2011/08/24 23:47:19 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/04/29 03:34:16 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\fltk.org
    [2010/10/27 22:36:00 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\ooVoo Details
    [2010/08/28 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\OpenOffice.org
    [2011/08/17 12:51:41 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\Sierra Wireless
    [2011/06/30 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\SystemRequirementsLab
    [2011/08/22 09:37:12 | 000,000,000 | ---D | M] -- C:\Users\Vishal\AppData\Roaming\Xerox
    [2011/06/20 14:22:52 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/26 17:16:51 | 000,027,469 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/08/26 17:10:17 | 3161,841,664 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/08/10 16:21:21 | 000,003,236 | RH-- | M] () -- C:\mfg.sdr
    [2011/02/22 00:57:07 | 000,006,328 | ---- | M] () -- C:\notify_debug.txt
    [2011/08/26 17:10:43 | 4215,791,616 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/10 13:39:48 | 000,000,209 | ---- | M] () -- C:\setup.log
    [2011/02/10 09:52:42 | 000,000,000 | ---- | M] () -- C:\t1d0.1
    [2011/06/14 22:08:54 | 000,000,000 | ---- | M] () -- C:\t1d0.2
    [2011/06/03 16:09:11 | 000,000,000 | ---- | M] () -- C:\t1ek.1
    [2011/06/03 16:09:11 | 000,000,000 | ---- | M] () -- C:\t1ek.2
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/19 11:42:17 | 000,000,221 | -HS- | M] () -- C:\Users\Vishal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/26 17:02:19 | 004,184,273 | R--- | M] (Swearware) -- C:\Users\Vishal\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/26 22:00:04 | 000,000,432 | -HS- | M] () -- C:\Users\Vishal\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/12 01:27:29 | 000,048,430 | ---- | M] () -- C:\ProgramData\dleaJSW.log
    [2011/08/26 17:12:59 | 000,024,828 | ---- | M] () -- C:\ProgramData\dleascan.log
    [2010/09/01 20:51:07 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2011/08/17 12:52:08 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/09/01 20:27:39 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. brianleonard TS Rookie Topic Starter

    Extras.txt

    OTL Extras logfile created on: 8/26/2011 6:05:09 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Vishal\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.76% Memory free
    7.85 Gb Paging File | 6.17 Gb Available in Paging File | 78.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 45.99 Gb Free Space | 16.23% Space Free | Partition Type: NTFS

    Computer Name: VISHAL-PC | User Name: Vishal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-910827798-39462071-944209406-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
    "{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{36F87C26-E447-CF8B-C2BD-49FD2534C62A}" = ccc-utility64
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}" = Sprint SmartView
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Dell V310-V510 Series" = Dell V310-V510 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 14.8.43.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{042B8E2D-07F9-5A33-4455-57C1EF27005C}" = CCC Help Russian
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
    "{1D078DC5-98AE-68DC-78EA-C6085F8239BB}" = Skins
    "{1DE2AE96-3242-441B-D18C-BBF702975851}" = CCC Help Danish
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{21C5ABBF-9B77-43FA-9CA0-93F27948266F}" = CCC Help Finnish
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}" = Accidental Damage Services Agreement
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{401DFB17-91F6-132E-A794-6DF51ED13E2C}" = CCC Help Spanish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{575E2692-4DE1-9AEC-517C-E7AE92C1C28D}" = CCC Help Norwegian
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{643C01F1-F211-8C0D-2A8C-EBE3281EBF96}" = Catalyst Control Center Graphics Full Existing
    "{67BBA207-A869-4D38-0F0A-6D5E08F916F1}" = Catalyst Control Center Localization All
    "{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{899D96F9-B77B-955F-4362-E36E57738B56}" = CCC Help German
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A8DD6A6-F8AF-551F-40DD-AE312E8AF22B}" = Catalyst Control Center Graphics Full New
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9477f600-04b6-41a8-b647-bea1562b84b6}" = Nero 9 Essentials
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98E5A0C3-86ED-4429-9386-F0DB49E958EA}" = OSD Setup
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
    "{ABFA98DE-C3EE-06A4-D333-2D29E013B795}" = CCC Help French
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE109E8D-DC7D-981A-E51F-230E98F4039D}" = CCC Help Swedish
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C33B00BB-3953-9DB4-B2C1-EE7D2AF9A9B5}" = Catalyst Control Center Graphics Light
    "{C687E67B-474A-1402-6C22-D8B4DE9505E1}" = Catalyst Control Center Core Implementation
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{C9DC1112-682B-D508-79A3-959BCECC9C39}" = Catalyst Control Center InstallProxy
    "{CB41BAC3-8107-5305-F9DA-CB05FE6DC824}" = ccc-core-static
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D17C5394-8D51-0CD9-62D6-CF1F127DF978}" = CCC Help Portuguese
    "{D2A642A4-2D3D-115A-15F7-858DA2E2E177}" = CCC Help Japanese
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D71B7DDB-D493-BAF4-3443-61B17CE378E2}" = Catalyst Control Center Graphics Previews Vista
    "{D94E8091-5CBA-CCF0-51FA-A133FC649AEB}" = CCC Help Chinese Standard
    "{DC6DCD5E-FC40-440E-57D9-15A51DDB85D4}" = CCC Help Korean
    "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
    "{E4E319D3-5256-F6FD-A577-EA76F358CB38}" = Catalyst Control Center Graphics Previews Common
    "{E5A6CD1A-6B4A-7F47-81EF-6D3C3ED9AF79}" = CCC Help Chinese Traditional
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E85EF753-3B38-EA99-44BD-784986665CD1}" = CCC Help English
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{F06CE55A-5ED4-35CB-93BB-0BC32891D608}" = CCC Help Dutch
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F2A1A266-23B3-895C-B682-87CABE0B9689}" = CCC Help Italian
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}" = Cisco AnyConnect VPN Client
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Akamai" = Akamai NetSession Interface
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
    "Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
    "Pharos" = Pharos
    "RMVB Player_is1" = RMVB Player 1.0
    "Stardock MyColors" = Stardock MyColors
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VLC media player 1.1.10

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/15/2011 12:16:30 AM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 8/15/2011 1:28:02 AM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 8/15/2011 1:28:02 AM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 8/15/2011 3:26:50 AM | Computer Name = Vishal-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan Horse in File: C:\Users\Vishal\AppData\Local\Temp\DWH8CEA.tmp
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 8/15/2011 3:28:14 AM | Computer Name = Vishal-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan Horse in File: C:\Users\Vishal\AppData\Local\Temp\DWHB0C0.tmp
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 8/15/2011 3:32:31 AM | Computer Name = Vishal-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Cookie:vishal@m.webtrends.com/
    by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:
    The file was deleted successfully.

    Error - 8/15/2011 4:54:39 PM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 8/15/2011 4:54:39 PM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 8/16/2011 4:34:40 AM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 8/16/2011 4:34:40 AM | Computer Name = Vishal-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    [ Cisco AnyConnect VPN Client Events ]
    Error - 8/25/2011 9:04:08 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
    Invoked
    Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 9:04:08 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
    Invoked
    Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 9:04:08 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
    Line:
    5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
    Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 9:04:08 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
    5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
    Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
    Line:
    7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
    Invoked
    Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
    Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 8/25/2011 11:24:18 PM | Computer Name = Vishal-PC | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    [ Dell Events ]
    Error - 6/27/2011 1:42:31 AM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/27/2011 8:39:15 AM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/27/2011 8:39:15 AM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/29/2011 5:41:28 PM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/29/2011 5:41:28 PM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/29/2011 8:54:42 PM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/29/2011 8:54:42 PM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/30/2011 4:00:03 AM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 6/30/2011 4:00:03 AM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/14/2011 12:40:58 PM | Computer Name = Vishal-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 8/26/2011 5:02:32 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 8/26/2011 5:03:12 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7034
    Description = The HappyOSD service terminated unexpectedly. It has done this 1
    time(s).

    Error - 8/26/2011 5:06:27 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/26/2011 5:08:18 PM | Computer Name = Vishal-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/26/2011 5:08:18 PM | Computer Name = Vishal-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/26/2011 5:08:44 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/26/2011 5:12:11 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
    Fusion Service service to connect.

    Error - 8/26/2011 5:12:11 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7000
    Description = The Alienware Fusion Service service failed to start due to the following
    error: %%1053

    Error - 8/26/2011 5:12:14 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
    service to connect.

    Error - 8/26/2011 5:12:14 PM | Computer Name = Vishal-PC | Source = Service Control Manager | ID = 7000
    Description = The dleaCATSCustConnectService service failed to start due to the
    following error: %%1053


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    OTL log is clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  13. brianleonard

    brianleonard TS Rookie Topic Starter

    Here are the next two logs:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 20
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.3.183.5
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

    ----------------------------------
    ESET Scan
    C:\Qoobox\Quarantine\C\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Vishal\AppData\Roaming\Mozilla\Firefox\Profiles\n5zzcgf9.default\extensions\{cbe3d970-9bff-4ccd-a4bd-ec30ced5b6ed}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Uninstall Java(TM) 6 Update 20.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 1 installation!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  15. brianleonard

    brianleonard TS Rookie Topic Starter

    Thank you for all your help. My computer is working much better than it has for quite some time now and I couldn't be more thrilled. I truly appreciate your help.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Yes!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
