TechSpot

Help removing a browser hijack?

By Cynik
Jul 27, 2011
  1. OK, I don't know what this is that I have exactly. But I will click on a website that I frequently use and it will redirect me to "http://www.thewebtimes.net/?n=1311813258". Sometimes it will redirect me somewhere else, 'goingonearth' I think. I've run Malwarebytes and Bitdefender and both programs found nothing :/. I really need some help. I'm a newbie with computers so please explain as simply as possible.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the redirect.

    I try to make the instructions as clear as possible. If you don't understand something, just ask. We have some steps for you to follow to begin. The logs from the scans will help me see what's on your system, the good and the bad. They will also show me if and what additional scans may be needed.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. Cynik

    Cynik TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7268

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    28/07/2011 02:19:51
    mbam-log-2011-07-28 (02-19-51).txt

    Scan type: Quick scan
    Objects scanned: 201347
    Time elapsed: 3 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\kmsemulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
     
  4. Bobbye

    Please continue with the rest of the steps.
     
  5. Cynik

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-29 01:25:51
    Windows 6.1.7601 Service Pack 1
    Running: l1psu8ig.exe


    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.7.gthr 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Did I do that correctly?
     
  6. Bobbye

    So far, so good. Have you run the DDS scan yet? There are 2 logs to paste in from that.
     
  7. Cynik

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by user at 0:44:54 on 2011-07-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4029 [GMT 1:00]
    .
    AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
    C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\DeskPins\DeskPins.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgBMADcASAAtADYARQBNAEIAUgA"&"inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872
    StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - C:\Program Files (x86)\DeskPins\DeskPins.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F518B303-9165-41C6-9608-4863083AF131} : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    BHO-X64: Browser Defender BHO - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgBMADcASAAtADYARQBNAEIAUgA"&"inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&"prod=54"&"ver=9.0.872
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z288z4im.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
    R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
    R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-6-18 88144]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-6-18 98384]
    R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-28 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-28 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-7-28 112592]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-10 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-7-11 867712]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-10 13336]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-10 244624]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-7-28 366840]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-7-28 1142224]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-7-17 5790064]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-7-17 487280]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-10 2320920]
    R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-8-10 50664]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
    S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe --> C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-7-21 467248]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
    S4 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-07-29 01:23:31 2301208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-07-29 01:23:20 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-07-29 01:23:16 710976 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-07-28 12:25:46 -------- d-----w- C:\Users\user\AppData\Roaming\Avira
    2011-07-28 12:22:24 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-07-28 12:22:23 -------- d-----w- C:\ProgramData\Avira
    2011-07-28 12:22:23 -------- d-----w- C:\Program Files (x86)\Avira
    2011-07-27 23:55:20 767952 ----a-w- C:\Windows\BDTSupport.dll
    2011-07-27 23:55:20 149456 ----a-w- C:\Windows\SGDetectionTool.dll
    2011-07-27 23:55:19 165840 ----a-w- C:\Windows\PCTBDRes.dll
    2011-07-27 23:55:19 1652688 ----a-w- C:\Windows\PCTBDCore.dll
    2011-07-27 23:53:34 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2011-07-27 23:53:34 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2011-07-27 23:53:32 233488 ------w- C:\Windows\System32\drivers\PCTCore64.sys
    2011-07-27 23:53:30 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2011-07-27 23:53:21 -------- d-----w- C:\Users\user\AppData\Roaming\PC Tools
    2011-07-27 23:53:21 -------- d-----w- C:\ProgramData\PC Tools
    2011-07-27 23:53:21 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2011-07-27 23:53:21 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-07-27 02:00:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-07-27 01:49:45 -------- d-----w- C:\Users\user\AppData\Roaming\Roxio Burn
    2011-07-27 01:41:24 -------- d-----w- C:\Users\user\AppData\Roaming\Macrovision
    2011-07-27 01:41:00 -------- d-----w- C:\Users\user\AppData\Local\Sonic_Solutions
    2011-07-27 01:35:50 -------- d-----w- C:\ProgramData\Uninstall
    2011-07-27 01:35:40 -------- d-----w- C:\ProgramData\eSellerate
    2011-07-27 01:35:13 27632 ------w- C:\Windows\System32\drivers\SaibVdAd64.sys
    2011-07-27 01:35:13 27120 ------w- C:\Windows\System32\drivers\Sahdad64.sys
    2011-07-27 01:35:13 19952 ------w- C:\Windows\System32\drivers\Saibad64.sys
    2011-07-27 01:34:04 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2011-07-27 01:34:04 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2011-07-27 01:34:04 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2011-07-27 01:32:28 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2011-07-27 01:32:03 -------- d-----w- C:\Users\user\AppData\Roaming\Simple Star
    2011-07-27 01:32:01 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets
    2011-07-27 01:28:41 -------- d--h--w- C:\Windows\msdownld.tmp
    2011-07-27 01:28:38 -------- d-----w- C:\Windows\SysWow64\directx
    2011-07-27 01:26:27 -------- d-----w- C:\Users\user\AppData\Roaming\Roxio Log Files
    2011-07-27 01:16:35 91568 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2011-07-27 01:16:35 -------- d-----w- C:\Program Files (x86)\PowerISO
    2011-07-25 00:39:27 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-07-25 00:39:27 -------- d-----w- C:\FIND_MOZ_EXT
    2011-07-25 00:38:50 -------- d-----w- C:\Users\user\AppData\Roaming\WebcamMax
    2011-07-25 00:38:50 -------- d-----w- C:\ProgramData\WebcamMax
    2011-07-25 00:37:29 -------- d-----w- C:\Program Files (x86)\WebcamMax
    2011-07-25 00:09:31 66048 --sha-r- C:\Windows\SysWow64\wpdshextl.dll
    2011-07-24 01:07:10 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2011-07-24 01:06:43 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2011-07-21 18:28:27 53248 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2011-07-21 18:27:08 -------- d-----w- C:\Users\user\AppData\Local\Downloaded Installations
    2011-07-21 18:20:14 -------- d-----w- C:\Users\user\AppData\Local\Research In Motion
    2011-07-21 18:20:13 -------- d-----w- C:\Users\user\AppData\Roaming\Research In Motion
    2011-07-21 18:19:46 31744 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2011-07-21 18:19:20 -------- d-----w- C:\ProgramData\Research In Motion
    2011-07-21 18:19:04 -------- d-----w- C:\Program Files (x86)\Research In Motion
    2011-07-21 18:19:04 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
    2011-07-21 10:53:40 -------- d-----w- C:\Users\user\AppData\Roaming\Mp3tag
    2011-07-21 10:53:08 -------- d-----w- C:\Program Files (x86)\Mp3tag
    2011-07-19 17:18:40 -------- d-----w- C:\Program Files (x86)\softendo.com
    2011-07-18 23:05:50 2301208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-07-18 23:05:38 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-07-18 23:05:34 710976 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-07-18 20:39:37 -------- d-----w- C:\Users\user\AppData\Local\Windows Live
    2011-07-18 16:15:20 -------- d-----w- C:\ProgramData\Dumps
    2011-07-17 23:27:57 -------- d-----w- C:\Program Files (x86)\VirtualDJ
    2011-07-17 23:23:18 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-17 22:58:37 -------- d-----w- C:\Windows\System32\EventProviders
    2011-07-17 19:34:23 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2011-07-17 19:14:03 -------- d-----w- C:\Users\user\AppData\Roaming\WTablet
    2011-07-17 19:14:02 749936 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
    2011-07-17 19:14:02 642928 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    2011-07-17 19:13:58 -------- d-----w- C:\Program Files (x86)\TabletPlugins
    2011-07-17 19:13:56 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
    2011-07-17 19:13:54 12848 ------w- C:\Windows\System32\drivers\wacommousefilter.sys
    2011-07-17 19:13:40 16168 ------w- C:\Windows\System32\drivers\wacomvhid.sys
    2011-07-17 19:13:37 756592 ------w- C:\Windows\System32\Pen_Tablet.dll
    2011-07-17 19:13:37 650096 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
    2011-07-17 19:13:37 600432 ----a-w- C:\Windows\System32\Wintab32.dll
    2011-07-17 19:13:37 506736 ----a-w- C:\Windows\SysWow64\Wintab32.dll
    2011-07-17 19:13:35 -------- d-----w- C:\Program Files\Tablet
    2011-07-17 18:00:45 -------- d-----w- C:\Users\user\AppData\Local\Adobe
    2011-07-17 16:42:35 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-07-17 16:41:59 512000 ----a-w- C:\Windows\System32\rpcss.dll
    2011-07-17 16:40:59 82432 ----a-w- C:\Windows\SysWow64\dot3cfg.dll
    2011-07-17 16:39:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2011-07-17 16:39:57 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2011-07-17 16:37:40 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-07-17 16:37:40 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-07-17 16:37:39 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-07-17 16:37:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-07-17 16:37:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-07-17 16:36:42 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-07-17 16:36:41 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-07-17 16:04:42 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2011-07-17 16:04:40 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2011-07-17 13:04:37 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-07-17 13:04:37 -------- d-----w- C:\Windows\System32\Wat
    2011-07-17 10:53:38 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2011-07-17 03:05:55 -------- d-----w- C:\ProgramData\bdch
    2011-07-17 03:05:05 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-07-17 03:05:05 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-07-17 03:05:04 2871808 ------w- C:\Windows\explorer.exe
    2011-07-17 03:05:03 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-07-17 03:05:00 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-07-17 03:05:00 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-07-17 03:05:00 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-07-17 03:05:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-07-17 03:05:00 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-07-17 03:05:00 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-07-17 02:58:58 -------- d-----w- C:\Users\user\AppData\Roaming\BitDefender
    2011-07-17 02:58:49 -------- d-----w- C:\Program Files\BitDefender
    2011-07-17 02:56:45 -------- d-----w- C:\ProgramData\e9230000-51dd-4f99-eee6-47fb13627d99
    2011-07-17 02:54:08 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-07-17 02:54:08 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-07-17 02:54:08 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-07-17 02:52:31 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-07-17 02:52:31 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-07-17 02:52:28 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-07-17 02:52:28 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-07-17 02:52:27 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-07-17 02:52:27 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-07-17 02:52:23 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-07-17 02:52:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-07-17 02:52:13 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2011-07-17 02:52:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-07-17 02:52:13 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-07-17 02:40:22 -------- d-----w- C:\ProgramData\45010000-ca18-485b-2f93-17ad8dc44da5
    2011-07-17 02:32:55 -------- d-----w- C:\Users\user\AppData\Roaming\QuickScan
    2011-07-17 02:32:35 -------- d-----w- C:\ProgramData\BitDefender
    2011-07-17 02:32:35 -------- d-----w- C:\Program Files\Common Files\BitDefender
    2011-07-17 02:32:31 388168 ------w- C:\Windows\System32\drivers\bdfsfltr.sys
    2011-07-17 02:32:29 846312 ----a-w- C:\ProgramData\bdinstall.bin
    2011-07-17 02:29:48 642944 ----a-w- C:\Windows\System32\winload.efi
    2011-07-17 02:29:48 605552 ----a-w- C:\Windows\System32\winload.exe
    2011-07-17 02:29:48 566208 ----a-w- C:\Windows\System32\winresume.efi
    2011-07-17 02:29:48 518672 ----a-w- C:\Windows\System32\winresume.exe
    2011-07-17 02:29:47 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2011-07-17 02:29:47 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-07-17 02:29:47 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-07-17 02:29:47 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-07-17 02:29:24 -------- d-----w- C:\Program Files (x86)\DeskPins
    2011-07-17 02:28:04 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-07-17 02:28:04 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-07-17 02:28:03 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-07-17 02:28:01 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-07-17 02:26:59 974336 ----a-w- C:\Windows\System32\WFS.exe
    2011-07-17 02:26:59 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-07-17 02:23:34 -------- d-----w- C:\Users\user\AppData\Local\Programs
    2011-07-17 02:20:58 -------- d-----w- C:\Users\user\AppData\Local\ArcSoft
    2011-07-17 02:20:57 -------- d-----w- C:\ProgramData\ArcSoft
    2011-07-17 02:20:21 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
    2011-07-17 02:20:20 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
    2011-07-17 02:20:07 19968 ------w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
    2011-07-17 02:20:06 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
    2011-07-17 02:19:34 77824 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-07-17 02:19:34 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-07-17 02:19:34 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-07-17 02:19:34 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-07-17 02:19:33 614532 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2011-07-17 01:09:28 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2011-07-17 01:09:19 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Help
    2011-07-17 00:45:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-17 00:26:51 -------- d-----w- C:\Program Files\SystemRequirementsLab
    2011-07-17 00:14:35 -------- d-----w- C:\Program Files (x86)\AVG
    2011-07-16 23:30:14 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B65C523C-D3DD-44AE-9700-DB3A7C65BDDA}\mpengine.dll
    2011-07-16 23:30:13 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-07-16 18:49:17 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
    2011-07-16 18:49:09 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-16 18:49:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-16 18:49:05 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-16 18:49:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-16 18:22:50 -------- d-----w- C:\extensions
    2011-07-16 18:22:49 -------- d-----w- C:\Program Files (x86)\Conduit
    2011-07-16 18:22:48 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    2011-07-16 18:22:48 -------- d-----w- C:\Program Files (x86)\ConduitEngine
    2011-07-16 18:22:47 -------- d-----w- C:\Users\user\AppData\Local\Conduit
    2011-07-16 18:22:46 -------- d-----w- C:\Program Files (x86)\uTorrentBar
    2011-07-16 18:22:37 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-07-16 18:22:02 -------- d-----w- C:\Users\user\AppData\Roaming\uTorrent
    2011-07-16 18:22:02 -------- d-----w- C:\Users\user\AppData\Local\uTorrent
    2011-07-16 18:20:26 -------- d-----w- C:\Users\user\AppData\Local\Google
    2011-07-12 01:36:34 -------- d-----w- C:\Windows\NAPP_Dism_Log
    2011-07-11 21:48:12 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npwachk.dll
    2011-07-11 17:44:12 -------- d-----w- C:\Program Files (x86)\Microsoft Digital Experience
    2011-07-11 17:42:30 -------- d-----w- C:\ProgramData\Microsoft Digital Experience
    2011-07-11 17:39:36 -------- d-----w- C:\Users\user\AppData\Roaming\Intel Corporation
    2011-07-11 17:39:34 -------- d-----w- C:\Users\user\AppData\Local\EgisTec IPS
    2011-07-11 17:39:02 -------- d-----w- C:\Users\user\AppData\Local\VirtualStore
    2011-07-11 17:37:53 -------- d-----w- C:\Program Files (x86)\OEM
    2011-07-11 17:37:31 -------- d-----w- C:\Program Files\Acer Accessory Store
    2011-07-11 17:06:04 -------- d-----w- C:\Program Files (x86)\NTI
    2011-07-11 17:05:39 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2011-07-11 17:04:58 -------- d-----w- C:\Windows\en
    2011-07-11 17:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-07-11 17:04:15 -------- d-----w- C:\Windows\PCHEALTH
    2011-07-11 17:04:07 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-07-11 17:04:07 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-07-11 17:04:07 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-07-11 17:04:07 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-07-11 17:04:06 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-07-11 17:04:06 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-07-11 17:03:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5ce3aa1cc3fec04\DSETUP.dll
    2011-07-11 17:03:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5ce3aa1cc3fec04\DXSETUP.exe
    2011-07-11 17:03:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d5ce3aa1cc3fec04\dsetup32.dll
    2011-07-11 17:03:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d9866111cc3fec05\MeshBetaRemover.exe
    2011-07-11 17:03:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7cdebabc1cc3fec03\DSETUP.dll
    2011-07-11 17:03:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7cdebabc1cc3fec03\DXSETUP.exe
    2011-07-11 17:03:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7cdebabc1cc3fec03\dsetup32.dll
    2011-07-11 17:03:40 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-07-11 17:03:01 1819648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
    2011-07-11 17:01:16 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-07-11 17:01:16 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-07-11 17:01:16 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-07-11 17:00:01 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-07-11 17:00:00 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2011-07-11 16:59:41 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2011-07-11 16:52:45 214400 ----a-w- C:\Windows\SysWow64\Snpropwp.dll
    2011-07-11 16:52:45 206208 ----a-w- C:\Windows\PLFSetI.exe
    2011-07-11 16:52:45 113264 ----a-w- C:\Windows\FixUVC.exe
    2011-07-11 16:52:08 -------- d-----w- C:\Program Files\Elantech
    2011-07-11 16:49:12 -------- d-----w- C:\Program Files (x86)\Launch Manager
    2011-07-11 16:46:23 -------- d---a-w- C:\book
    2011-07-11 16:42:01 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2011-07-11 16:40:46 -------- d-----w- C:\Program Files\Common Files\Intel
    2011-07-11 16:40:45 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    .
    ==================== Find3M ====================
    .
    2011-07-17 23:33:18 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-17 23:33:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-19 09:54:28 507904 ----a-r- C:\Windows\SysWow64\btwapi.dll
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2010-07-08 09:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 0:46:48.95 ===============
     
  8. Cynik

    Cynik TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/07/2011 18:36:55
    System Uptime: 30/07/2011 00:37:37 (0 hours ago)
    .
    Motherboard: Acer | | Aspire 5742
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2240/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 347.224 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.201.221
    Acer ePower Management
    Acer eRecovery Management
    Acer GameZone Console
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.1 MUI
    Airport Mania First Flight
    Amazonia
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 4
    Ask Toolbar
    µTorrent
    Avira AntiVir Personal - Free Antivirus
    Backup Manager Basic
    Bing Bar
    Bing Bar Platform
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Browser Defender 2.0.6.15
    Cake Mania
    Conduit Engine
    Contextual Tool Yourprofitclub
    CyberLink PowerDVD 9
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    DeskPins (remove only)
    Dream Day First Home
    eBay Worldwide
    eSobi v2
    Farm Frenzy 2
    Galapago
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes of Hellas
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Security Scan Plus
    Merriam Websters Spell Jam
    Mesh Runtime
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 5.0.1 (x86 en-GB)
    Mp3tag v2.49
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    MyWinLocker Suite
    Norton Online Backup
    PDF Settings CS5
    Poker Pop
    PowerISO
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Roxio BackOnTrack
    Roxio BackOnTrackPE
    Roxio Burn - Secure
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2011 Pro
    Roxio PhotoShow
    Roxio Video Capture USB
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Shredder
    SmartSound Common Data
    SmartSound Quicktracks 5
    Spin & Win
    Spyware Doctor 7.0
    Super Mario 3 : Mario Forever Advance Edition
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    uTorrentBar Toolbar
    VirtualDJ
    Visual C++ 8.0 Runtime Setup Package (x64)
    WebcamMax
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Welcome Center
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/07/2011 00:38:56, Error: Service Control Manager [7000] - The CamMonitor service failed to start due to the following error: The system cannot find the file specified.
    30/07/2011 00:38:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    28/07/2011 14:54:38, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    28/07/2011 13:25:18, Error: Service Control Manager [7001] - The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The operation completed successfully.
    28/07/2011 13:25:18, Error: Service Control Manager [7001] - The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The service has not been started.
    27/07/2011 22:23:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    27/07/2011 03:02:29, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    27/07/2011 03:02:29, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    27/07/2011 03:02:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    27/07/2011 02:34:23, Error: Service Control Manager [7030] - The RoxMediaDB13 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    27/07/2011 02:34:23, Error: Service Control Manager [7030] - The Roxio Hard Drive Watcher 12 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    26/07/2011 14:58:10, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    26/07/2011 14:29:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    25/07/2011 22:07:10, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    .
    ==== End Of File ===========================
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Between 7/11 and 7/27, it looks like you put the whole system together! Why are there no System Restore points?

    You have the Ask Toolbar all over the system. That usually comes from being prechecked on a download screen. Be sure to look for any preloads and uncheck them before you do the download.
    ======================================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Logs in next reply please.
     
  10. Cynik

    Cynik TS Rookie Topic Starter

    ComboFix 11-07-31.01 - user 31/07/2011 0:11.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4268 [GMT 1:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\FullRemove.exe
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A57FE2EB-CEC1-4780-B2AE-5AFE1E40CAEA}.xps
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D82856BA-314C-47E9-9E99-49E8D6A79354}.xps
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-30 23:17 . 2011-07-30 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-29 01:23 . 2011-07-29 01:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-07-29 01:23 . 2011-07-29 01:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-07-29 01:23 . 2011-07-29 01:23 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-07-28 12:22 . 2011-07-28 14:21 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-28 12:22 . 2011-07-28 14:21 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-28 12:22 . 2009-05-11 11:49 51992 ----a-w- c:\windows\SysWow64\drivers\avgntdd.sys
    2011-07-28 12:22 . 2009-05-11 11:49 17016 ----a-w- c:\windows\SysWow64\drivers\avgntmgr.sys
    2011-07-28 12:22 . 2011-07-28 12:22 -------- d-----w- c:\programdata\Avira
    2011-07-28 12:22 . 2011-07-28 12:22 -------- d-----w- c:\program files (x86)\Avira
    2011-07-27 02:00 . 2011-07-27 02:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-07-27 01:35 . 2011-07-27 01:35 -------- d-----w- c:\programdata\Uninstall
    2011-07-27 01:31 . 2011-07-27 01:31 -------- d-----w- c:\program files\Roxio
    2011-07-27 01:28 . 2011-07-27 01:30 -------- d--h--w- c:\windows\msdownld.tmp
    2011-07-27 01:16 . 2011-07-27 01:16 -------- d-----w- c:\program files (x86)\PowerISO
    2011-07-27 01:16 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2011-07-25 00:39 . 2011-07-25 00:39 -------- d-----w- c:\program files (x86)\Ask.com
    2011-07-25 00:39 . 2011-07-25 00:39 -------- d-----w- C:\FIND_MOZ_EXT
    2011-07-25 00:38 . 2011-07-25 18:32 -------- d-----w- c:\programdata\WebcamMax
    2011-07-25 00:37 . 2011-07-25 00:42 -------- d-----w- c:\program files (x86)\WebcamMax
    2011-07-25 00:09 . 2011-07-25 00:09 66048 --sha-r- c:\windows\SysWow64\wpdshextl.dll
    2011-07-24 01:07 . 2011-07-24 01:07 -------- d-----w- c:\program files (x86)\Winamp Detect
    2011-07-24 01:06 . 2011-07-27 01:35 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-07-24 01:06 . 2011-07-24 01:08 -------- d-----w- c:\program files (x86)\Winamp
    2011-07-21 18:19 . 2009-01-09 14:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\programdata\Research In Motion
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\program files (x86)\Research In Motion
    2011-07-21 10:53 . 2011-07-21 10:53 -------- d-----w- c:\program files (x86)\Mp3tag
    2011-07-19 17:18 . 2011-07-19 17:18 -------- d-----w- c:\program files (x86)\softendo.com
    2011-07-18 23:05 . 2011-07-18 23:05 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-07-18 23:05 . 2011-07-18 23:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-07-18 23:05 . 2011-07-18 23:05 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-07-18 16:15 . 2011-07-18 16:15 -------- d-----w- c:\programdata\Dumps
    2011-07-17 23:27 . 2011-07-17 23:29 -------- d-----w- c:\program files (x86)\VirtualDJ
    2011-07-17 23:23 . 2011-07-17 23:23 -------- d-----w- c:\windows\system32\SPReview
    2011-07-17 22:58 . 2011-07-17 22:58 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-17 19:34 . 2011-07-17 19:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-07-17 19:32 . 2011-07-17 19:34 -------- d-----w- c:\program files\Common Files\Adobe
    2011-07-17 19:31 . 2011-07-17 19:31 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2011-07-17 19:14 . 2010-10-21 08:38 749936 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-07-17 19:14 . 2010-10-21 08:38 642928 ----a-w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
    2011-07-17 19:13 . 2011-07-17 19:14 -------- d-----w- c:\program files (x86)\TabletPlugins
    2011-07-17 19:13 . 2010-10-05 12:26 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-07-17 19:13 . 2010-10-05 12:26 12848 ------w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-07-17 19:13 . 2010-10-05 12:26 16168 ------w- c:\windows\system32\drivers\wacomvhid.sys
    2011-07-17 19:13 . 2010-10-21 08:38 756592 ------w- c:\windows\system32\Pen_Tablet.dll
    2011-07-17 19:13 . 2010-10-21 08:38 600432 ----a-w- c:\windows\system32\Wintab32.dll
    2011-07-17 19:13 . 2010-10-21 08:38 506736 ----a-w- c:\windows\SysWow64\Wintab32.dll
    2011-07-17 19:13 . 2010-10-21 08:38 650096 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
    2011-07-17 19:13 . 2011-07-17 19:14 -------- d-----w- c:\program files\Tablet
    2011-07-17 17:10 . 2011-07-17 17:11 -------- d-----w- c:\users\Guest
    2011-07-17 16:41 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll
    2011-07-17 16:40 . 2010-11-20 13:27 303104 ----a-w- c:\program files\DVD Maker\WMM2CLIP.dll
    2011-07-17 16:39 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-07-17 16:39 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-07-17 16:37 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-07-17 16:37 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-07-17 16:37 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-07-17 16:37 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-07-17 16:37 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-07-17 16:36 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-07-17 16:36 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-07-17 16:04 . 2011-07-17 16:04 -------- d-----w- c:\programdata\McAfee Security Scan
    2011-07-17 16:04 . 2011-07-20 22:12 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2011-07-17 13:04 . 2011-07-17 13:04 -------- d-----w- c:\windows\SysWow64\Wat
    2011-07-17 13:04 . 2011-07-17 13:04 -------- d-----w- c:\windows\system32\Wat
    2011-07-17 10:53 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2011-07-17 03:05 . 2011-07-17 03:05 -------- d-----w- c:\programdata\bdch
    2011-07-17 03:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-07-17 03:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-07-17 03:05 . 2011-02-25 06:19 2871808 ------w- c:\windows\explorer.exe
    2011-07-17 03:05 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-07-17 03:05 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-07-17 03:05 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-07-17 03:05 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-07-17 03:05 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-07-17 03:05 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-07-17 03:05 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-07-17 02:58 . 2011-07-17 03:00 -------- d-----w- c:\program files\BitDefender
    2011-07-17 02:56 . 2011-07-17 02:56 -------- d-----w- c:\programdata\e9230000-51dd-4f99-eee6-47fb13627d99
    2011-07-17 02:54 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-07-17 02:54 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-07-17 02:54 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-07-17 02:52 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-07-17 02:52 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-07-17 02:52 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-07-17 02:52 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-07-17 02:52 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-07-17 02:52 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-07-17 02:52 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-07-17 02:52 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-07-17 02:52 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2011-07-17 02:52 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-07-17 02:52 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-07-17 02:40 . 2011-07-17 02:40 -------- d-----w- c:\programdata\45010000-ca18-485b-2f93-17ad8dc44da5
    2011-07-17 02:32 . 2011-07-17 02:59 -------- d-----w- c:\programdata\BitDefender
    2011-07-17 02:32 . 2011-07-17 02:58 -------- d-----w- c:\program files\Common Files\BitDefender
    2011-07-17 02:32 . 2010-07-09 14:08 388168 ------w- c:\windows\system32\drivers\bdfsfltr.sys
    2011-07-17 02:32 . 2011-07-17 03:00 846312 ----a-w- c:\programdata\bdinstall.bin
    2011-07-17 02:29 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
    2011-07-17 02:29 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
    2011-07-17 02:29 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
    2011-07-17 02:29 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
    2011-07-17 02:29 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
    2011-07-17 02:29 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
    2011-07-17 02:29 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
    2011-07-17 02:29 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2011-07-17 02:29 . 2011-07-17 02:29 -------- d-----w- c:\program files (x86)\DeskPins
    2011-07-17 02:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-07-17 02:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-07-17 02:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-07-17 02:28 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-07-17 02:26 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-07-17 02:26 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2011-07-17 02:20 . 2011-07-25 00:04 -------- d-----w- c:\programdata\ArcSoft
    2011-07-17 02:20 . 2005-04-27 15:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
    2011-07-17 02:20 . 1995-07-31 12:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
    2011-07-17 02:20 . 2008-04-24 13:06 19968 ------w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
    2011-07-17 02:20 . 2008-09-04 16:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
    2011-07-17 02:20 . 2011-07-25 14:07 -------- d-----w- c:\program files (x86)\ArcSoft
    2011-07-17 02:20 . 2011-07-17 02:20 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    2011-07-17 01:09 . 2011-07-17 01:09 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2011-07-17 01:09 . 2011-07-17 11:00 -------- d-----w- c:\programdata\Microsoft Help
    2011-07-17 01:09 . 2011-07-17 01:09 -------- d-----r- C:\MSOCache
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-17 23:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-17 23:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-16 18:47 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-03 05:57 . 2011-07-17 02:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-19 09:54 . 2011-05-19 09:54 507904 ----a-r- c:\windows\SysWow64\btwapi.dll
    2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 14:23 1385864 ------w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:40 120176 ------w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2010-08-10 71216]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
    "CPMonitor"="c:\program files (x86)\Roxio 2011\5.0\CPMonitor.exe" [2010-07-13 84464]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgBMADcASAAtADYARQBNAEIAUgA&inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA&prod=54&ver=9.0.872" [?]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DeskPins.lnk - c:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *bddel.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-21 467248]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
    S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-06-18 88144]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-06-18 98384]
    S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-07-14 32240]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-05 867712]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 50664]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 18:20]
    .
    2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 18:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:42 137584 ------w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2011-07-11 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-08-10 76360]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-08-11 1971584]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z288z4im.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-MDX.CloudPin - c:\program files (x86)\Microsoft Digital Experience\Scripts\PinApps.vbs
    AddRemove-d66d403f - c:\windows\system32\d66d403f.exe
    AddRemove-VirtualDJ - c:\program files (x86)\VirtualDJ\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DEVICE2"="vaaur8rPygA="
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-31 00:25:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-30 23:25
    .
    Pre-Run: 371,748,478,976 bytes free
    Post-Run: 372,696,604,672 bytes free
    .
    - - End Of File - - D73277BAF92AEA881768AC6F86B7C40E
     
  11. Cynik

    Cynik TS Rookie Topic Starter

    C:\Windows\Temp\tmp000006c0\tmp000052dd Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp000006c0\tmp000052e0 Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00053e6f Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00053e70 Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00053e71 Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00054d2c Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00054d2d Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00054d2e Win32/Adware.RON.FSV application
    C:\Windows\Temp\tmp00004005\tmp00054d2f Win32/Adware.RON.FSV application
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Reply #9:
    ========================================
    Multiple antivirus programs. Please decide which you want to keep and remove the others:
    2011-07-17 03:00 >- c:\program files\BitDefender)
    2011-07-17 16:04 >- c:\program files (x86)\McAfee Security Scan
    2011-07-17 00:14:35 >-C:\Program Files (x86)\AVG
    ==========================================
    Please download OTMoveIt3 by Old Timer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Windows\Temp\tmp000006c0\tmp000052dd 
      C:\Windows\Temp\tmp000006c0\tmp000052e0 
      C:\Windows\Temp\tmp00004005\tmp00053e6f 
      C:\Windows\Temp\tmp00004005\tmp00053e70 
      C:\Windows\Temp\tmp00004005\tmp00053e71 
      C:\Windows\Temp\tmp00004005\tmp00054d2c 
      C:\Windows\Temp\tmp00004005\tmp00054d2d 
      C:\Windows\Temp\tmp00004005\tmp00054d2e 
      C:\Windows\Temp\tmp00004005\tmp00054d2f 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==================================
    Combofix script will be in next reply.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    After you have finished instructions in my previous reply:
    Please run this Custom CFScript:
    Note: There are a lot of entries. Be sure you copy everything in the code box before running the script.

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\explorer.exe
    c:\windows\SysWow64\explorer.exe
    C:\Windows\SysWow64\ConduitEngine.tmp
    Folder::
    c:\windows\msdownld.tmp
    c:\program files (x86)\Ask.com
    c:\programdata\Dumps
    c:\users\Guest
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\ConduitEngine
    C:\Users\user\AppData\Local\Conduit
    C:\Program Files (x86)\uTorrentBar
    C:\Program Files (x86)\uTorrent
    C:\Users\user\AppData\Roaming\uTorrent
    C:\Users\user\AppData\Local\uTorrent
    DDS::
    uStart Page = about:blank
    mStart Page = about:blank
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgB MADcASAAtADYARQBNAEIAUgA"&"inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&" prod=54"&"ver=9.0.872
    BHO-X64: Browser Defender BHO - No File
    BHO-X64: Search Helper - No File
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgB MADcASAAtADYARQBNAEIAUgA"&"inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA"&" prod=54"&"ver=9.0.872
    DirLook::
    c:\programdata\e9230000-51dd-4f99-eee6-47fb13627d99
    RegLock::
    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DEVICE2"="vaaur8rPygA="
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
    
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgB MADcASAAtADYARQBNAEIAUgA&inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA&prod =54&ver=9.0.872" 
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  14. Cynik

    Cynik TS Rookie Topic Starter

    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3945164 bytes
    ->FireFox cache emptied: 8564763 bytes
    ->Flash cache emptied: 531 bytes

    User: Kiosk
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 75 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 1045535 bytes
    ->Temporary Internet Files folder emptied: 82545767 bytes
    ->FireFox cache emptied: 48247508 bytes
    ->Flash cache emptied: 470 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 1212465199 bytes

    Total Files Cleaned = 1,294.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 08012011_123907

    Files moved on Reboot...
    C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    What is a system restore point and how do I create one?
     
  15. Cynik

    Cynik TS Rookie Topic Starter

    ComboFix 11-07-31.01 - user 01/08/2011 12:52:31.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5815.4121 [GMT 1:00]
    Running from: c:\users\user\Documents\Malware Removal Stuff\ComboFix.exe
    Command switches used :: c:\users\user\Desktop\CFScript.txt
    AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\explorer.exe"
    "c:\windows\SysWow64\ConduitEngine.tmp"
    "c:\windows\SysWow64\explorer.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Ask.com
    c:\program files (x86)\Ask.com\cobrand.ico
    c:\program files (x86)\Ask.com\config.xml
    c:\program files (x86)\Ask.com\favicon.ico
    c:\program files (x86)\Ask.com\fv_8b7c.ico
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    c:\program files (x86)\Ask.com\mupcfg.xml
    c:\program files (x86)\Ask.com\SaUpdate.exe
    c:\program files (x86)\Ask.com\UpdateTask.exe
    c:\program files (x86)\Conduit
    c:\program files (x86)\Conduit\Community Alerts\Alert.dll
    c:\program files (x86)\ConduitEngine
    c:\program files (x86)\ConduitEngine\appContextMenu.xml
    c:\program files (x86)\ConduitEngine\ConduitEngin.dll
    c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
    c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
    c:\program files (x86)\ConduitEngine\engineContextMenu.xml
    c:\program files (x86)\ConduitEngine\EngineSettings.json
    c:\program files (x86)\ConduitEngine\ldrConduitEngin.dll
    c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
    c:\program files (x86)\ConduitEngine\toolbar.cfg
    c:\program files (x86)\uTorrent
    c:\program files (x86)\uTorrent\uTorrent.exe
    c:\program files (x86)\uTorrentBar
    c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
    c:\program files (x86)\uTorrentBar\ldrtbuTor.dll
    c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
    c:\program files (x86)\uTorrentBar\prxtbuTor.dll
    c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
    c:\program files (x86)\uTorrentBar\tbuTor.dll
    c:\program files (x86)\uTorrentBar\toolbar.cfg
    c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
    c:\program files (x86)\uTorrentBar\uninstall.exe
    c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
    c:\programdata\Dumps
    c:\users\user\AppData\Local\Conduit
    c:\users\user\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdateHelper.exe
    c:\users\user\AppData\Local\uTorrent
    c:\users\user\AppData\Roaming\uTorrent
    c:\users\user\AppData\Roaming\uTorrent\(PSP) 50 Cent - Bulletproof G-Unit Edition [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSP) Megaman - Powered Up [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSP) Mortal Kombat - Unchained [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSP) Scarface - Money,Power,Respect [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSP) Space Invaders Evolution [ResourceRg Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) Capcom vs. SNK - Millennium Fight 2000 Pro converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) Legacy Of Kain-Soul Reaver converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) Oddworld 1 & 2 converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) Pandemonium! 1 & 2 converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) R-Type Delta converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\(PSX-PSP) Tekken 3 converted properly [ResourceRG Games by KloWn].torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - Penn.And.Teller.Fool.Us.S01E08.HDTV.XviD-ANGELiC.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.Torrentday.com ] - The.Family.Crews.S02E01.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E03.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E04.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E05.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E06.HDTV.XviD-CRiMSON.1.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E06.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E07.HDTV.XviD-CRiMSON.1.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E07.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E08.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E09.HDTV.XviD-CRiMSON.1.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E09.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E10.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.TorrentDay.com ] - The.Family.Crews.S02E11.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[ www.Torrenting.com ] - The.Family.Crews.S02E02.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\[PSP].Fifa.Street.2.[EUR].-.[www.ESPALPSP.com].rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\[PSP]Chili.con.Carnage.[EUR][FULL].-.[ESPALPSP.com].rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\[PSP]Dark Mirror.torrent
    c:\users\user\AppData\Roaming\uTorrent\[PSP]The Warriors[Multi 5] TANKATORRENTS-com.torrent
    c:\users\user\AppData\Roaming\uTorrent\[PSX-PSP]Medievil[EUR][ESPALPSP.com].rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\{ www.SceneTime.com } - The.Family.Crews.S02E04.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\{ www.SceneTime.com } - The.Family.Crews.S02E05.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\Aarakshan [2011-MP3-VBR-320Kbps] - xDR.torrent
    c:\users\user\AppData\Roaming\uTorrent\Amy Winehouse - Back To Black (Deluxe Edition).torrent
    c:\users\user\AppData\Roaming\uTorrent\Amy Winehouse - Back To Black[Deluxe Edition][www.lokotorrents.com][mp3].torrent
    c:\users\user\AppData\Roaming\uTorrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp
    c:\users\user\AppData\Roaming\uTorrent\apps\4585805A0BEAAAA6F570825EB241201C227B5E09.btapp
    c:\users\user\AppData\Roaming\uTorrent\arcsoft-webcam-companion-4.0.exe.torrent
    c:\users\user\AppData\Roaming\uTorrent\ArcSoft WebCam Companion 2.0 & Magic-i Visual Effects 2.0.torrent
    c:\users\user\AppData\Roaming\uTorrent\Atomix Virtual DJ Pro V7.02 {Precracked} + Addons {blaze69}.torrent
    c:\users\user\AppData\Roaming\uTorrent\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH].torrent
    c:\users\user\AppData\Roaming\uTorrent\avira-antivir-personal-free-antivirus-10.0.0.635.exe.torrent
    c:\users\user\AppData\Roaming\uTorrent\AVIRA Antivir 2011 V.10.0.0.641 WITH key.torrent
    c:\users\user\AppData\Roaming\uTorrent\Avira Antivirus Premuim 10 + Key to 2012.torrent
    c:\users\user\AppData\Roaming\uTorrent\Big Bass Anthems 2011VBR MP3 BLOWA TLS.torrent
    c:\users\user\AppData\Roaming\uTorrent\BitDefender 2011 All Products + Trial Reset till 2045 [RH].torrent
    c:\users\user\AppData\Roaming\uTorrent\BitDefender Total Security 2011 x86 x64 - TESTiNG.torrent
    c:\users\user\AppData\Roaming\uTorrent\BURNOUT LEGENDS.cso.torrent
    c:\users\user\AppData\Roaming\uTorrent\CyberLink YouCam Deluxe 4.0.913.12934 Incl Serial Key.torrent
    c:\users\user\AppData\Roaming\uTorrent\dht.dat
    c:\users\user\AppData\Roaming\uTorrent\dht.dat.old
    c:\users\user\AppData\Roaming\uTorrent\DJ Badboy & Danny B Present-The Mid-Season Vibez [2011-MP3-320Kbps] ~M2Tv~.torrent
    c:\users\user\AppData\Roaming\uTorrent\DJ Mystery & Y.G.C.-The Game Classic Collabos-(Bootleg)-2009-MIXFIEND.torrent
    c:\users\user\AppData\Roaming\uTorrent\Dj Zunils.torrent
    c:\users\user\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
    c:\users\user\AppData\Roaming\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
    c:\users\user\AppData\Roaming\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
    c:\users\user\AppData\Roaming\uTorrent\Dragon Balls.rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\Everybody On Dance Floor 12 [2011-MP3-VBR] - [DJLUV].torrent
    c:\users\user\AppData\Roaming\uTorrent\Family Guy [MULTI5][WwW.GamesTorrents.CoM].torrent
    c:\users\user\AppData\Roaming\uTorrent\Futurama.S06E18.HDTV.XviD-ASAP.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\Futurama.S06E19.HDTV.XviD-ASAP.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\Futurama.S06E20.All.the.Presidents.Heads.HDTV.XviD-FQM.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\Harry Potter and the Deathly Hallows Part 1[2010]DVDRip XviD-ExtraTorrentRG.torrent
    c:\users\user\AppData\Roaming\uTorrent\ie\ie.1310840575.tmp
    c:\users\user\AppData\Roaming\uTorrent\ie\ie.1311300188.tmp
    c:\users\user\AppData\Roaming\uTorrent\ie\ie.1311300194.tmp
    c:\users\user\AppData\Roaming\uTorrent\Jim Jones (The Diplomats Present) - On My Way To Church (RETAIL) 2004-C4.torrent
    c:\users\user\AppData\Roaming\uTorrent\Lumines II (PSP).torrent
    c:\users\user\AppData\Roaming\uTorrent\M.O.S. Anthems - Hip Hop 2011.torrent
    c:\users\user\AppData\Roaming\uTorrent\Magic ISO Maker 5.5.rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\MalwareBytes Anti Malware v1.51.0.1200 with Serial.torrent
    c:\users\user\AppData\Roaming\uTorrent\Man.vs.Wild.S07E01.Men.vs.Wild.with.Jake.Gyllenhaal.HDTV.XviD-MOMENTUM.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\Man.vs.Wild.S07E02.New.Zealand.South.Island.HDTV.XviD-MOMENTUM.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\Mario_Forever_Advance.exe.torrent
    c:\users\user\AppData\Roaming\uTorrent\Medievil Resurrection [PSP ~ Multi5].rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\Microsoft Office 2010.torrent
    c:\users\user\AppData\Roaming\uTorrent\Need.For.Speed.Undercover.EUR.PSP-GLoBAL.torrent
    c:\users\user\AppData\Roaming\uTorrent\Now 79 - 2CDs.2011[www.lokotorrents.com][mp3].torrent
    c:\users\user\AppData\Roaming\uTorrent\NOW That's What I Call Music Vol. 79.torrent
    c:\users\user\AppData\Roaming\uTorrent\Pokemon Emerald (U).gba.torrent
    c:\users\user\AppData\Roaming\uTorrent\PowerISO v4.7 + Serials [ChattChitto RG].torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP - Def Jam Fight For New York The Take Over - ENG.ISO.torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP - Exit [USA] [www.GamesTorrents.com].torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP - Family Guy.cso.torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP - The Godfather Mob Wars [English] [WwW.GamesTorrents.CoM].torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP 145 Iso Games.1.torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP 145 Iso Games.torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP.Game.MegamanMaverickHunterX.English.ISO408MB.ByCombateMortal.rar.torrent
    c:\users\user\AppData\Roaming\uTorrent\PSP.PSX_Game.MegaManX6.English.Eboot.305MB.torrent
    c:\users\user\AppData\Roaming\uTorrent\ratchet_and_clank_size_matters.cso.torrent
    c:\users\user\AppData\Roaming\uTorrent\resume.dat
    c:\users\user\AppData\Roaming\uTorrent\resume.dat.old
    c:\users\user\AppData\Roaming\uTorrent\Roll Deep.torrent
    c:\users\user\AppData\Roaming\uTorrent\ROXIO 2011.torrent
    c:\users\user\AppData\Roaming\uTorrent\rss.dat
    c:\users\user\AppData\Roaming\uTorrent\rss.dat.old
    c:\users\user\AppData\Roaming\uTorrent\settings.dat
    c:\users\user\AppData\Roaming\uTorrent\settings.dat.old
    c:\users\user\AppData\Roaming\uTorrent\Spyware Doctor v7.0.0.545 + New-Serial -TrT.torrent
    c:\users\user\AppData\Roaming\uTorrent\SpyZooka.v2.5.9.6.Cracked-F4CG.torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E01.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E02.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E03.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E04.DSR.XviD-CRiMSON - [ www.torrentday.com ].1.torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E04.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E06.DSR.XviD-DVSKY.torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E07.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E08.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E09.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S01E10.DSR.XviD-CRiMSON - [ www.torrentday.com ].torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S02E06.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\The.Family.Crews.S02E11.HDTV.XviD-CRiMSON.torrent
    c:\users\user\AppData\Roaming\uTorrent\TonyHawksUnderground2Remix.zip.torrent
    c:\users\user\AppData\Roaming\uTorrent\Top.Gear.17x05.HDTV.XviD-FoV.avi.torrent
    c:\users\user\AppData\Roaming\uTorrent\utorrent.lng
    c:\users\user\AppData\Roaming\uTorrent\V.A. - Addicted To Bass 2011 (3CD) (2011) DutchReleaseTeam.torrent
    c:\users\user\AppData\Roaming\uTorrent\Va Ministry Of Sound Runnign Trax 3 (split tracks)1.torrent
    c:\users\user\AppData\Roaming\uTorrent\Various DJ Mixes - April 2011 - [2 C D Pack] - Dj Rajiv.torrent
    c:\users\user\AppData\Roaming\uTorrent\Various DJ Mixes - July 2011 - Dj Rajiv.torrent
    c:\users\user\AppData\Roaming\uTorrent\WebCamMax 7.1.7.6 MultiLanguage Software + Crack.torrent
    c:\users\user\AppData\Roaming\uTorrent\WinRAR 3.93 Final 32Bit And 64Bit Full {blaze69}.torrent
    c:\users\user\AppData\Roaming\uTorrent\Zelda - the Minish Cap.GBA.torrent
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-01 11:57 . 2011-08-01 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-01 11:39 . 2011-08-01 11:39 -------- d-----w- C:\_OTM
    2011-07-30 23:31 . 2011-07-30 23:31 -------- d-----w- c:\program files (x86)\ESET
    2011-07-29 01:23 . 2011-07-29 01:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-07-29 01:23 . 2011-07-29 01:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-07-29 01:23 . 2011-07-29 01:23 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-07-28 12:22 . 2011-07-31 01:07 -------- d-----w- c:\programdata\Avira
    2011-07-27 02:00 . 2011-07-27 02:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-07-27 01:35 . 2011-07-27 01:35 -------- d-----w- c:\programdata\Uninstall
    2011-07-27 01:31 . 2011-07-27 01:31 -------- d-----w- c:\program files\Roxio
    2011-07-27 01:16 . 2011-07-27 01:16 -------- d-----w- c:\program files (x86)\PowerISO
    2011-07-27 01:16 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2011-07-25 00:39 . 2011-07-25 00:39 -------- d-----w- C:\FIND_MOZ_EXT
    2011-07-25 00:38 . 2011-07-25 18:32 -------- d-----w- c:\programdata\WebcamMax
    2011-07-25 00:37 . 2011-07-25 00:42 -------- d-----w- c:\program files (x86)\WebcamMax
    2011-07-25 00:09 . 2011-07-25 00:09 66048 --sha-r- c:\windows\SysWow64\wpdshextl.dll
    2011-07-24 01:07 . 2011-07-24 01:07 -------- d-----w- c:\program files (x86)\Winamp Detect
    2011-07-24 01:06 . 2011-07-27 01:35 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-07-24 01:06 . 2011-07-24 01:08 -------- d-----w- c:\program files (x86)\Winamp
    2011-07-21 18:19 . 2009-01-09 14:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\programdata\Research In Motion
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
    2011-07-21 18:19 . 2011-07-21 18:19 -------- d-----w- c:\program files (x86)\Research In Motion
    2011-07-21 10:53 . 2011-07-21 10:53 -------- d-----w- c:\program files (x86)\Mp3tag
    2011-07-19 17:18 . 2011-07-19 17:18 -------- d-----w- c:\program files (x86)\softendo.com
    2011-07-18 23:05 . 2011-07-18 23:05 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-07-18 23:05 . 2011-07-18 23:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-07-18 23:05 . 2011-07-18 23:05 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-07-17 23:27 . 2011-07-17 23:29 -------- d-----w- c:\program files (x86)\VirtualDJ
    2011-07-17 23:23 . 2011-07-17 23:23 -------- d-----w- c:\windows\system32\SPReview
    2011-07-17 22:58 . 2011-07-17 22:58 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-17 19:34 . 2011-07-17 19:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-07-17 19:32 . 2011-07-17 19:34 -------- d-----w- c:\program files\Common Files\Adobe
    2011-07-17 19:31 . 2011-07-17 19:31 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2011-07-17 19:14 . 2010-10-21 08:38 749936 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-07-17 19:14 . 2010-10-21 08:38 642928 ----a-w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
    2011-07-17 19:13 . 2011-07-17 19:14 -------- d-----w- c:\program files (x86)\TabletPlugins
    2011-07-17 19:13 . 2010-10-05 12:26 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-07-17 19:13 . 2010-10-05 12:26 12848 ------w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-07-17 19:13 . 2010-10-05 12:26 16168 ------w- c:\windows\system32\drivers\wacomvhid.sys
    2011-07-17 19:13 . 2010-10-21 08:38 756592 ------w- c:\windows\system32\Pen_Tablet.dll
    2011-07-17 19:13 . 2010-10-21 08:38 600432 ----a-w- c:\windows\system32\Wintab32.dll
    2011-07-17 19:13 . 2010-10-21 08:38 506736 ----a-w- c:\windows\SysWow64\Wintab32.dll
    2011-07-17 19:13 . 2010-10-21 08:38 650096 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
    2011-07-17 19:13 . 2011-07-17 19:14 -------- d-----w- c:\program files\Tablet
    2011-07-17 17:10 . 2011-07-17 17:11 -------- d-----w- c:\users\Guest
    2011-07-17 16:41 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll
    2011-07-17 16:40 . 2010-11-20 13:27 303104 ----a-w- c:\program files\DVD Maker\WMM2CLIP.dll
    2011-07-17 16:39 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-07-17 16:39 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-07-17 16:37 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-07-17 16:37 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-07-17 16:37 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-07-17 16:37 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-07-17 16:37 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-07-17 16:36 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-07-17 16:36 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-07-17 13:04 . 2011-07-17 13:04 -------- d-----w- c:\windows\SysWow64\Wat
    2011-07-17 13:04 . 2011-07-17 13:04 -------- d-----w- c:\windows\system32\Wat
    2011-07-17 10:53 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2011-07-17 03:05 . 2011-07-17 03:05 -------- d-----w- c:\programdata\bdch
    2011-07-17 03:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-07-17 03:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-07-17 03:05 . 2011-02-25 06:19 2871808 ------w- c:\windows\explorer.exe
    2011-07-17 03:05 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-07-17 03:05 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-07-17 03:05 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-07-17 03:05 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-07-17 03:05 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-07-17 03:05 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-07-17 03:05 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-07-17 02:58 . 2011-07-17 03:00 -------- d-----w- c:\program files\BitDefender
    2011-07-17 02:56 . 2011-07-17 02:56 -------- d-----w- c:\programdata\e9230000-51dd-4f99-eee6-47fb13627d99
    2011-07-17 02:54 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-07-17 02:54 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-07-17 02:54 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-07-17 02:52 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-07-17 02:52 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-07-17 02:52 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-07-17 02:52 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-07-17 02:52 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-07-17 02:52 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-07-17 02:52 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-07-17 02:52 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-07-17 02:52 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2011-07-17 02:52 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-07-17 02:52 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-07-17 02:40 . 2011-07-17 02:40 -------- d-----w- c:\programdata\45010000-ca18-485b-2f93-17ad8dc44da5
    2011-07-17 02:32 . 2011-07-17 02:59 -------- d-----w- c:\programdata\BitDefender
    2011-07-17 02:32 . 2011-07-17 02:58 -------- d-----w- c:\program files\Common Files\BitDefender
    2011-07-17 02:32 . 2010-07-09 14:08 388168 ------w- c:\windows\system32\drivers\bdfsfltr.sys
    2011-07-17 02:32 . 2011-07-17 03:00 846312 ----a-w- c:\programdata\bdinstall.bin
    2011-07-17 02:29 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
    2011-07-17 02:29 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
    2011-07-17 02:29 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
    2011-07-17 02:29 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
    2011-07-17 02:29 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
    2011-07-17 02:29 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
    2011-07-17 02:29 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
    2011-07-17 02:29 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2011-07-17 02:29 . 2011-07-17 02:29 -------- d-----w- c:\program files (x86)\DeskPins
    2011-07-17 02:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-07-17 02:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-07-17 02:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-07-17 02:28 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-07-17 02:26 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-07-17 02:26 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2011-07-17 02:20 . 2011-07-25 00:04 -------- d-----w- c:\programdata\ArcSoft
    2011-07-17 02:20 . 2005-04-27 15:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
    2011-07-17 02:20 . 1995-07-31 12:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
    2011-07-17 02:20 . 2008-04-24 13:06 19968 ------w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
    2011-07-17 02:20 . 2008-09-04 16:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
    2011-07-17 02:20 . 2011-07-25 14:07 -------- d-----w- c:\program files (x86)\ArcSoft
    2011-07-17 02:20 . 2011-07-17 02:20 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    2011-07-17 01:09 . 2011-07-17 01:09 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2011-07-17 01:09 . 2011-07-17 11:00 -------- d-----w- c:\programdata\Microsoft Help
    2011-07-17 01:09 . 2011-07-17 01:09 -------- d-----r- C:\MSOCache
    2011-07-17 00:45 . 2011-07-17 17:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-17 00:45 . 2011-07-17 00:45 -------- d-----w- c:\windows\system32\Macromed
    2011-07-17 00:26 . 2011-07-17 00:26 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-07-16 23:30 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B65C523C-D3DD-44AE-9700-DB3A7C65BDDA}\mpengine.dll
    2011-07-16 23:30 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-07-16 18:49 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-16 18:49 . 2011-07-16 18:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-16 18:49 . 2011-07-16 18:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-17 23:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-17 23:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-16 18:47 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-03 05:57 . 2011-07-17 02:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-19 09:54 . 2011-05-19 09:54 507904 ----a-r- c:\windows\SysWow64\btwapi.dll
    2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\programdata\e9230000-51dd-4f99-eee6-47fb13627d99 ----
    .
    2011-07-17 02:56 . 2011-07-17 02:56 3313 ----a-w- c:\programdata\e9230000-51dd-4f99-eee6-47fb13627d99\1310870917_1_01.xml
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-30_23.19.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2011-08-01 11:42 37904 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-07-17 19:22 . 2011-07-30 22:11 61063 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
    + 2011-07-17 19:22 . 2011-08-01 11:58 61063 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
    + 2011-07-16 18:13 . 2011-08-01 11:42 8374 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3050388347-3726198533-3878670028-1000_UserData.bin
    - 2011-07-30 23:18 . 2011-07-30 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-01 11:57 . 2011-08-01 11:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-07-30 23:18 . 2011-07-30 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-01 11:57 . 2011-08-01 11:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-07-16 11:09 . 2011-08-01 02:09 241548 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2011-07-30 18:54 628460 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-01 02:11 628460 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-01 02:11 110612 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-07-30 18:54 110612 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-07-30 23:17 504788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-08-01 11:57 504788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-16 16:37 . 2011-08-01 11:39 2972296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-07-16 16:37 . 2011-07-28 00:21 2972296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-17 02:09 . 2011-08-01 11:57 1329068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3050388347-3726198533-3878670028-1000-8192.dat
    - 2011-07-17 02:09 . 2011-07-30 23:17 1329068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3050388347-3726198533-3878670028-1000-8192.dat
    - 2011-07-17 19:20 . 2011-07-28 15:56 1359196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3050388347-3726198533-3878670028-1000-12288.dat
    + 2011-07-17 19:20 . 2011-08-01 02:49 1359196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3050388347-3726198533-3878670028-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:40 120176 ------w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2010-08-10 71216]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
    "CPMonitor"="c:\program files (x86)\Roxio 2011\5.0\CPMonitor.exe" [2010-07-13 84464]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBFAFoAVAAtAEIAUQBKAEcAMwAtAEUANgA0AEYAQQAtADkAMgBMADcASAAtADYARQBNAEIAUgA&inst=NwA2AC0AOAA4ADAANQA1ADkANwAwADMALQBEAEQAVAArADAALQBEADMAOAAxAEwAKwA1AC0ASQA5ADAAKwAxAC0AUABMACsAOQAtAE4AMQBEACsAMQA&prod=54&ver=9.0.872" [?]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DeskPins.lnk - c:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *bddel.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-21 467248]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
    S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-06-18 88144]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-06-18 98384]
    S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
    S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-07-14 32240]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-05 867712]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 50664]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 18:20]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 18:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:42 137584 ------w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
    "ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2011-07-11 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]
    "MDX.CloudPin"="c:\program files (x86)\Microsoft Digital Experience\Scripts\PinApps.vbs" [BU]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-08-10 76360]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-08-11 1971584]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z288z4im.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
    AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
    AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-01 13:04:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-01 12:04
    ComboFix2.txt 2011-07-30 23:25
    .
    Pre-Run: 374,291,054,592 bytes free
    Post-Run: 374,220,083,200 bytes free
    .
    - - End Of File - - 536A3F8D673B92CCE7E6724EC1DF2BFB
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    System Restore allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of system malfunction or failure. The restore point is an image of the system for a particular date and time.

    Windows 7 (and Vista) is based on a technology called Shadow Copy, or Volume Snapshot Service (VSS). VSS allows a snapshot of the NTFS file system on a local or removable volume by any Windows component using VSS.

    What a System Restore Point can mean to you:
    1. You do an update- Windows or others, but it conflicts with something on the system and causes problems. Setting a restore point before you do the update or download will allow you to return the system to the point it was before the update or download.
    2. You get a malware infection. It so corrupts the system that you cannot boot into it normally. If there is a restore point available, you can boot into Safe Mode, access System Restore to get into the system. This is why we don't disable System Restore at the beginning of cleaning.
    =========================================
    System Restore Win 7
    • Click on Start> Right click on Computer> Properties
    • Click on System Protection link
      [Image: System Protection Screen]
    • Close the System Window
    • Check to make sure System Protection is turned on for the drive you want to set; this will usually be Local Drive (C)
    • Click on Create
    • Type a name for the restore point, like 'Before program download'

      [Image: Naming]
    • Click on Create again.
    • Click on Close when you get the 'restore point created successfully' message.
    Images courtesy Shawn, sevenforums
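
The same restore point can be created and checked from an elevated Windows PowerShell prompt. This is an added example, not part of the original post; the drive letter is an assumption, the description reuses the name suggested above, and the helper function name is made up for illustration.

```powershell
# Added example: create a restore point and confirm it really exists.
# Run in Windows PowerShell 5.1 (these cmdlets are not available in PowerShell 7).

$drive       = 'C:\'                      # assumption: the system drive
$description = 'Before program download'  # name suggested in the post above

# System Restore cmdlets need an elevated session; stop early if it is not one.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

function Get-LatestRestoreSequence {
    # Hypothetical helper: highest SequenceNumber among existing restore
    # points, or 0 when there are none yet.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { return 0 }
    return ($points | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

$before = Get-LatestRestoreSequence

try {
    # Same as ticking System Protection "on" for the drive in the GUI.
    Enable-ComputerRestore -Drive $drive -ErrorAction Stop

    # Same as clicking Create and typing the name.
    Checkpoint-Computer -Description $description `
                        -RestorePointType MODIFY_SETTINGS `
                        -ErrorAction Stop
}
catch {
    Write-Error "Restore point was not created: $($_.Exception.Message)"
    return
}

# Checkpoint-Computer can return without creating anything (for example when
# Windows limits how often restore points may be created), so compare the
# sequence numbers instead of trusting a clean exit.
$after = Get-LatestRestoreSequence

if ($after -gt $before) {
    Get-ComputerRestorePoint |
        Where-Object SequenceNumber -eq $after |
        Format-List SequenceNumber, Description, CreationTime
}
else {
    Write-Warning 'No new restore point appeared. Check System Protection for the drive and try again.'
}
```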
     
  17. Cynik

    Cynik TS Rookie Topic Starter

    Ok, I've now created one. Have you looked at the logs? :)
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. I thought it might be helpful to know how to do something that may save your a......system some day!

    Yes, I looked at the logs. Please remove all of the pirated programs and download if you want me to continue support. If you do, run the following after the removals:

    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    --------------------------------------------
    As long as you pirate programs, apps, download, you're going to get malware. As long as you use file sharing, you are going to get malware. As long as you do, you will always be seconds away from another hijack.
    =============================================
    I queried you about the multiple antivirus programs running. You didn't acknowledge it.
    =============================================
    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
     
  19. Cynik

    Cynik TS Rookie Topic Starter

    I'm looking to uninstall AVG etc. However, when I go to Control Panel I can't find it under the 'uninstall a program' list. To my knowledge all that is running is Bitdefender, I think :s. I've uninstalled utorrent and deleted all the downloads.
    Is this the last step by the way?
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you remove the pirated programs? Did you run the CK program? Log?

    Remove AVG: Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    =============================
    If that doesn't work, try this:
    AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    Use the appropriate download for your system for the AVG Remover:
    AVG Remover: 32 bit
    AVG Remover: 64 bit
    =======================================
    Yes, if you don't remove the pirated programs. It's useless to continue removing bad entries out the front door when more are getting in via piracy and file sharing. If you choose not to: >>>
    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
     
Topic Status:
Not open for further replies.
