Solved Search/Firefox redirection virus


Vesp08

Hello, recently it seems I've gotten the so-called "Google search virus," in which my searches via Yahoo and/or Bing have been redirected to random websites, along with those same random websites occasionally showing up without a search redirect. I have followed the 8-step preliminary removal and have all logs to include except GMER; this is due to running the 64-bit version of Windows Vista and not being able to produce a log with that program.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6161

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/24/2011 7:04:19 PM
mbam-log-2011-03-24 (19-04-19).txt

Scan type: Quick scan
Objects scanned: 167738
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> 2884 -> Unloaded process successfully.
c:\programdata\kbdintel32.exe (Trojan.Tracur.S) -> 2984 -> Unloaded process successfully.
c:\Users\Brad\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> 4876 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\378194794 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Users\Brad\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\programdata\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Users\Brad\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\htui32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\KBDIR32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\KBDIR32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Brad at 10:28:21.02 on Fri 03/25/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1655 [GMT -4:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\Explorer.EXE
C:\Windows\MHotKey.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\ModLedKey.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\BitDefender\BitDefender 2011\downloader.exe
C:\Users\Brad\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [PlayNC Launcher]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Spyware Doctor with AntiVirus] C:\Users\Brad\Desktop\sdasetup.exe -min
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [eRecoveryService]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
dRunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTC~1.LNK - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTL~1.LNK - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
mRun-x64: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com
FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2011\bdaphffext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]
R1 Bdvedisk;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-12-6 53224]
R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-5-13 162896]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2008-9-30 316544]
R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2008-1-9 28160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RTS5121.sys [2008-10-30 204288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-2-8 79360]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-1-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-1-9 79360]
S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-2-8 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DFU;DFU;C:\Windows\System32\drivers\MassDfu.sys [2009-2-8 14592]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2009-2-8 28160]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-10-11 467248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2010-6-28 692816]
S4 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2010-6-28 1040976]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-9 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-25 05:14:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-25 05:14:26 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-25 05:14:26 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-25 05:14:26 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-25 05:14:26 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-24 22:57:01 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
2011-03-24 22:56:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-24 22:56:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-24 22:56:51 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-24 22:56:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-24 21:56:28 -------- d-----w- C:\PROGRA~3\PC Tools
2011-03-23 23:18:13 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-23 23:18:13 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-23 23:18:12 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-23 23:18:12 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-23 23:17:15 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-23 23:17:14 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-23 23:17:14 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-23 23:17:14 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-23 23:17:13 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-23 23:17:13 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-23 23:17:12 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-23 23:17:12 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-21 22:36:40 -------- d-sh--w- C:\PROGRA~3\SysWoW32
2011-03-21 22:36:25 203776 --sh--w- C:\PROGRA~3\unrar.exe
2011-03-20 16:19:51 -------- d-----w- C:\Users\Brad\FrostWire
2011-03-20 07:03:44 -------- d-----w- C:\Users\Brad\AppData\Roaming\uTorrent
2011-03-17 20:53:03 95232 ----a-w- C:\Windows\System32\xvid.ax
2011-03-17 20:53:03 703488 ----a-w- C:\Windows\System32\xvidcore.dll
2011-03-17 20:53:03 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-03-17 20:53:02 79360 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-03-17 20:53:02 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-03-17 20:53:02 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-03-17 20:53:02 -------- d-----w- C:\Program Files (x86)\Xvid
2011-03-12 16:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 04:14:15 -------- d-----w- C:\PROGRA~3\bdch
2011-03-08 01:14:01 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-03-08 01:14:01 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-02-27 06:14:42 -------- d-----w- C:\RSII Rome-total war
2011-02-27 03:00:07 -------- d--h--w- C:\PROGRA~3\CanonIJEGV
2011-02-26 00:48:14 -------- d-----w- C:\Users\Brad\AppData\Local\Chromium
.
==================== Find3M ====================
.
2011-02-16 04:40:57 102712 ----a-w- C:\Windows\System32\drivers\bdhv.sys
2011-01-22 21:16:14 126975 ----a-w- C:\PROGRA~3\bdinstall.bin
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ------w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ------w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ------w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 10:30:59.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/30/2008 9:57:48 PM
System Uptime: 3/25/2011 9:56:01 AM (1 hours ago)
.
Motherboard: Gateway | | TBGM01
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 286.181 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Aion
Apple Application Support
Apple Software Update
Barbarian Invasion
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2(TM)
Battlefield 2142 Deluxe Edition
Borderlands
Call of Duty(R) - World at War(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
Canon MP Navigator EX 2.0
Canon MP240 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Creative ALchemy
Creative ALchemy (X-Fi Edition)
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative USB Headsets
CRI-Squad-Alpha-0.9.3.5
Curse Client
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DarthMod Ultimate Commander Edition
DarthMod Ultimate Commander Edition
Dragon Age Awakening Redesigned
Dragon Age Awakening Velanna Redesigned©
Dragon Age Redesigned © Morrigan
Dragon Age Redesigned Fixes
Dragon Age Redesigned Oghren©
Dragon Age Redesigned©
Dragon Age Redesigned© Zevran
Dragon Age Redesigned© Leliana
Dragon Age Redesigned© Sten
Dragon Age Redesigned© Wynne
Dragon Age: Origins
EA Download Manager
Empire: Total War
Empire: Total War - Special Forces Unit
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.10.3
Fallout: New Vegas
FrostWire 4.21.4
Game Booster
GameSpy Comrade
Gateway Games
Gateway Recovery Management
GEAR driver installer for x86 and x64
GearDrvs
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inkjet Printer/Scanner Extended Survey Program
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
KB0817 Keyboard Driver
Malwarebytes' Anti-Malware
MediaBar
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Mozilla Firefox (3.6.15)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PunkBuster for Battlefield 1942
PunkBuster Services
QuickTime
Realtek Card Reader
Rome - Total War
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Segoe UI
Sins of a Solar Empire
SmartCopy
SmartLauncher
Sound Blaster X-Fi MB
Spelling Dictionaries Support For Adobe Reader 8
Steam
Total War: SHOGUN 2 Demo
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Warhammer Online - Age of Reckoning
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
World of Warcraft
Xvid Video Codec
.
==== End Of File ===========================
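An added example, not code from the poster or from the TechSpot helper: a small Python triage script for the Malwarebytes log format pasted above. It parses the per-section entries, groups each detection by the persistence mechanism it represents (Run key, service, running process, file on disk), and flags a Windows system-binary name such as lsass.exe sitting outside the system directories, which is exactly what the SysWin\lsass.exe entries in the log show. The sample lines are constructed from entries in the posted log; the set of system-binary names and the list of legitimate directories are a heuristic assumption, not Malwarebytes' own logic.

```python
"""Triage a Malwarebytes (MBAM 1.50-style) log: group detections by
persistence mechanism and flag executables masquerading as system binaries."""
import re
from collections import defaultdict

# Constructed sample in the shape of the log posted above (item, detection, action).
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> 2884 -> Unloaded process successfully.
c:\Users\Brad\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> 4876 -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^)]+)\) -> (?P<rest>.+)$")

# Heuristic assumption: names malware commonly borrows, and the only directories
# where the genuine copies live (the systemprofile\AppData path is NOT one of them).
SYSTEM_BINARY_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"}


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, detection, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            findings.append({"section": section, "item": m.group("item"),
                             "detection": m.group("detection"), "action": m.group("rest")})
    return findings


def persistence_mechanism(finding):
    """Map a finding onto the autostart/persistence technique it represents."""
    item = finding["item"].lower()
    if finding["section"].startswith("Registry"):
        if "\\currentversion\\run" in item:
            return "autostart: Run key"
        if "\\currentcontrolset\\services\\" in item:
            return "autostart: service"
        return "registry: other"
    if finding["section"] == "Memory Processes Infected":
        return "running process"
    return "file on disk"


def is_masquerading(path):
    """True when a system-binary name is found in a directory it never legitimately lives in."""
    directory, _, name = path.lower().rpartition("\\")
    return name in SYSTEM_BINARY_NAMES and directory not in LEGIT_DIRS


def triage(text):
    """Summarise a log: total count, items per mechanism, masquerading binaries."""
    by_mechanism = defaultdict(list)
    masquerades = set()
    findings = parse_mbam_log(text)
    for f in findings:
        by_mechanism[persistence_mechanism(f)].append(f["item"])
        if f["section"] in ("Files Infected", "Memory Processes Infected") and is_masquerading(f["item"]):
            masquerades.add(f["item"])
    return {"count": len(findings), "by_mechanism": dict(by_mechanism),
            "masquerading": sorted(masquerades)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['count']} detections")
    for mechanism, items in report["by_mechanism"].items():
        print(f"  {mechanism}: {len(items)}")
    for path in report["masquerading"]:
        print(f"  masquerading system binary: {path}")
```

The mechanism grouping is what a responder cares about after quarantine: a Run value and a service entry mean the sample had two independent ways of returning at boot, so both registry locations (and the files they pointed to) need to be confirmed gone after the reboot, not just the running processes.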
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

The GMER issue has nothing to do with 64-bit Windows.
If GMER doesn't find any changes, it won't produce any log.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
OK, I have run ComboFix and here is the report:

ComboFix 11-03-25.01 - Brad 03/25/2011 22:48:28.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1798 [GMT -4:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~3\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~3\Microsoft\Network\Downloader\qmgr1.dat
c:\progra~3\SysWoW32
c:\progra~3\SysWoW32\mu2128803415v4
c:\progra~3\SysWoW32\mu2128803415v4.kwd
c:\progra~3\SysWoW32\mu2128803415v5
c:\progra~3\SysWoW32\mu2128803415v5.kwd
c:\progra~3\SysWoW32\mu2128803415v6
c:\progra~3\SysWoW32\mu2128803415v6.kwd
c:\progra~3\SysWoW32\mu2128803415v7
c:\progra~3\SysWoW32\mu2128803415v7.kwd
c:\progra~3\SysWoW32\wu2128803415v0
c:\progra~3\SysWoW32\wu2128803415v0.kwd
c:\progra~3\SysWoW32\wu2128803415v1
c:\progra~3\SysWoW32\wu2128803415v1.kwd
c:\progra~3\SysWoW32\wu2128803415v2
c:\progra~3\SysWoW32\wu2128803415v2.kwd
c:\progra~3\SysWoW32\wu2128803415v3
c:\progra~3\SysWoW32\wu2128803415v3.kwd
c:\progra~3\unrar.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Brad\AppData\Roaming\.#
.
----- BITS: Possible infected sites -----
.
hxxp://ads1.msads.net
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 03:09 . 2011-03-26 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-26 03:09 . 2011-03-26 03:09 -------- d-----w- c:\users\Brad\AppData\Local\temp
2011-03-25 20:16 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-25 20:16 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-25 20:16 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-25 20:16 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-25 20:16 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-25 20:16 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-25 20:16 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-25 20:16 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 05:14 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-03-25 05:14 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-25 05:14 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-25 05:14 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-03-25 05:14 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-24 22:57 . 2011-03-24 22:57 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2011-03-24 22:56 . 2011-03-24 22:56 -------- d-----w- c:\progra~3\Malwarebytes
2011-03-24 22:56 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-24 22:56 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-24 22:56 . 2011-03-24 22:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-24 21:56 . 2011-03-24 21:56 -------- d-----w- c:\progra~3\PC Tools
2011-03-23 23:18 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-23 23:18 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-23 23:18 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-23 23:18 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-23 23:17 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-23 23:17 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-23 23:17 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-23 23:17 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-23 23:17 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-23 23:17 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-23 23:17 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-23 23:17 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-20 16:19 . 2011-03-20 16:20 -------- d-----w- c:\users\Brad\FrostWire
2011-03-20 07:03 . 2011-03-20 07:12 -------- d-----w- c:\users\Brad\AppData\Roaming\uTorrent
2011-03-17 20:53 . 2011-02-22 19:40 95232 ----a-w- c:\windows\system32\xvid.ax
2011-03-17 20:53 . 2011-02-22 19:39 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-17 20:53 . 2011-02-22 19:38 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-17 20:53 . 2011-03-17 20:53 -------- d-----w- c:\program files (x86)\Xvid
2011-03-17 20:53 . 2011-02-22 19:39 79360 ----a-w- c:\windows\SysWow64\xvid.ax
2011-03-17 20:53 . 2011-02-22 19:39 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-03-17 20:53 . 2011-02-22 19:37 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 04:14 . 2011-03-09 04:14 -------- d-----w- c:\progra~3\bdch
2011-03-08 01:14 . 2011-01-06 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-08 01:14 . 2011-01-06 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-02-27 06:14 . 2011-02-27 06:15 -------- d-----w- C:\RSII Rome-total war
2011-02-27 03:00 . 2011-02-27 03:00 -------- d--h--w- c:\progra~3\CanonIJEGV
2011-02-26 00:48 . 2011-02-26 00:48 -------- d-----w- c:\users\Brad\AppData\Local\Chromium
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 02:36 . 2010-06-24 15:33 18328 ----a-w- c:\progra~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-16 04:40 . 2010-05-13 20:52 102712 ----a-w- c:\windows\system32\drivers\bdhv.sys
2011-01-22 21:16 . 2011-01-22 04:11 126975 ----a-w- c:\progra~3\bdinstall.bin
2011-01-20 16:46 . 2011-02-19 22:04 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-19 22:04 366592 ------w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-19 22:04 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-19 22:04 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-19 22:04 327680 ------w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-19 22:04 196096 ------w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-19 22:04 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-19 22:04 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-19 22:04 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-19 22:04 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-19 22:04 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-19 22:04 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-19 22:04 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-19 22:04 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-19 22:04 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-19 22:04 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-19 22:04 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-19 22:04 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-19 22:04 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-19 22:04 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-19 22:04 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-19 22:04 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-19 22:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-19 22:04 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-19 22:04 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-19 22:04 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-19 22:04 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-19 22:04 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-19 22:04 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-19 22:04 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-19 22:04 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-19 22:04 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-19 22:04 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-19 22:04 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-19 22:04 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-19 22:04 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-19 22:04 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-19 22:04 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-19 22:04 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-19 22:04 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-19 22:04 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-19 22:04 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-19 22:04 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-19 22:04 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-19 22:04 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-19 22:04 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-19 22:04 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2011-01-22 01:53 7844688 ----a-w- c:\progra~3\Microsoft\Windows Defender\Definition Updates\{9D13924F-173C-4FF4-8A8C-D68364DF9A1A}\mpengine.dll
2011-01-08 09:03 . 2011-02-19 21:57 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-19 21:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-19 21:57 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-19 21:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 14:16 . 2011-02-19 21:54 2757632 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 16:08 . 2011-01-20 01:15 466944 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55 . 2011-01-20 01:15 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ------w- c:\program files (x86)\BearShareTb\BearShareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files (x86)\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-07-10 225396]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-16 71216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMSu"="c:\program files (x86)\Creative\MediaSource5\Startmsu.exe" [2006-10-02 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2008-10-30 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2008-10-30 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-02-08 79360]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-10-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-10 79360]
R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-02-08 79360]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 DFU;DFU;c:\windows\system32\drivers\MassDfu.sys [2009-02-08 14592]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-02-16 53224]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:59]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-16 76360]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-02-16 2008640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-Spyware Doctor with AntiVirus - c:\users\Brad\Desktop\sdasetup.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Skytel - Skytel.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\Software\SecuROM\License information*]
"datasecu"=hex:98,dd,e8,1f,5b,4d,31,97,96,bd,f2,ac,2d,92,48,c0,b4,b0,78,1e,56,
bd,86,ca,80,0a,8d,cf,82,70,bf,c2,45,16,ab,50,96,7c,cf,26,9b,e5,5b,e1,15,df,\
"rkeysecu"=hex:b0,23,45,a0,be,86,b6,c3,34,c8,4a,39,79,40,4c,30
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-25 23:25:56
ComboFix-quarantined-files.txt 2011-03-26 03:25
.
Pre-Run: 308,224,270,336 bytes free
Post-Run: 308,483,801,088 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BEA922EE9160F887DC861511DF2F2DF8
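As an added triage helper (not part of this thread, and not ComboFix's own code), the following Python walks a log in the "Reg Loading Points" format shown above and flags Run-key entries that deserve a second look: executables in user-writable locations, files ComboFix could not find ([X]), and system binary names living outside the Windows directory. The sample log and its `SysWinUpd` entry are constructed for the example.

```python
"""Triage the Run-key entries in a ComboFix 'Reg Loading Points' section.

Added example: parses lines in the format ComboFix prints, such as
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\...\GoogleToolbarNotifier.exe" [2008-12-27 68856]
and returns the entries that match simple defender heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="command" [timestamp size]   or   "name"="command" [X]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
EXE_RE = re.compile(r"(.*?\.exe)", re.IGNORECASE)

# Locations an unprivileged user can write to; autoruns pointing there merit review.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\progra~3\\", "\\temp\\")
USER_PROFILE_ROOT = "c:\\users\\"
# Names of Windows system binaries that malware commonly borrows.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# Constructed sample modeled on the log format; the SysWinUpd line is a made-up
# stand-in for the kind of entry a search redirector leaves behind.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 68856]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SysWinUpd"="c:\users\brad\appdata\roaming\updater\lsass.exe" [2011-03-20 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
.
"""


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def exe_path(command: str) -> str:
    """Return the lower-cased executable portion of a Run-key command (arguments stripped)."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) if m else command).strip().lower()


def assess(key: str, name: str, command: str, stamp: str) -> Optional[Finding]:
    """Apply the heuristics to one entry; None means nothing stood out."""
    reasons = []
    path = exe_path(command)
    if stamp.strip().upper() == "X" or "(no file)" in command.lower():
        reasons.append("file not found on disk")
    if path.startswith(USER_PROFILE_ROOT) or any(s in path for s in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not any(d in path for d in SYSTEM_DIRS):
        reasons.append(f"{base} outside the Windows directory")
    return Finding(key, name, command, reasons) if reasons else None


def triage(log: str) -> List[Finding]:
    """Walk the log, tracking the current registry key, and collect flagged Run entries."""
    findings: List[Finding] = []
    key: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em and key and re.search(r"\\run(once)?$", key.lower()):
            f = assess(key, *em.groups())
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name!r} -> {f.command}")
        for r in f.reasons:
            print(f"    {r}")
```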
 
Looks good.
How is the redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
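The custom scan above produces file listings in the same one-line-per-file format as the OTL log posted later in this thread (timestamp, size, attribute flags, company name in parentheses, then the path). As an added triage example, which is not code from this thread, from OldTimer's OTL or from the helper, the following Python script parses lines in that format and flags the entries a helper would look at first: files with no company name sitting under ProgramData or the system directories, names that are bare numbers or hex strings with no extension, and hidden+system attributes on files that are not standard Windows ones. The sample lines are copied from the log in this thread; the `KNOWN_HS_FILES` allowlist, the `DROP_DIRS` list and the flagging rules are my own assumptions for illustration, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Lines copied from the OTL log in this thread. The benign entries (ComboFix,
# a Firefox shortcut, NirCmd, hiberfil.sys) are included to show what passes.
SAMPLE_LINES = r"""
[2011/03/25 22:37:05 | 004,302,838 | R--- | M] () -- C:\Users\Brad\Desktop\ComboFix.exe
[2011/03/25 16:16:16 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/24 18:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\1578548090
[2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
[2011/03/22 21:35:07 | 000,000,022 | ---- | M] () -- C:\ProgramData\7438ab0a
[2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
[2011/03/25 22:41:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () -- C:\hiberfil.sys
""".strip()

# One OTL file line: [date time | size | attrs | M-or-C] (Company) -- path
# "M"/"C" mirrors the "Modified"/"Created" section headings of the log.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumptions for this example, not an OTL feature: directories where an
# unsigned/no-company file deserves a look, and hidden+system files that are
# normal on a Windows install.
DROP_DIRS = ("\\programdata\\", "\\syswow64\\", "\\system32\\", "\\sysnative\\")
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys", "bootstat.dat"}
HEX_NAME_RE = re.compile(r"[0-9a-f]{8,}")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # "M" modified or "C" created
    company: str   # empty string when OTL prints "()"
    path: str


def parse_otl_file_lines(text: str) -> List[OtlEntry]:
    """Parse every file line in an OTL log; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return entries


def suspicion_reasons(e: OtlEntry) -> List[str]:
    """Return the (possibly empty) list of reasons an entry merits a closer look."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    has_ext = "." in name
    # Bare numeric or hex names with no extension, as dropped under ProgramData here.
    if not has_ext and (name.isdigit() or HEX_NAME_RE.fullmatch(name)):
        reasons.append("opaque numeric/hex filename with no extension")
    # Hidden+system is normal for a handful of OS files, unusual elsewhere.
    if "H" in e.attrs and "S" in e.attrs and name.lower() not in KNOWN_HS_FILES:
        reasons.append("hidden+system attributes on a non-standard file")
    # No company name inside a system or ProgramData directory.
    if not e.company and any(d in e.path.lower() for d in DROP_DIRS):
        reasons.append("no company name in a system/ProgramData directory")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Flagged entries in log order, each as (path, reasons)."""
    flagged = []
    for e in parse_otl_file_lines(text):
        reasons = suspicion_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a whole OTL.txt (`triage(open("OTL.txt").read())`) and it lists only the entries that match one of the three rules; everything it flags still needs a human decision, since a legitimate installer can also drop an unsigned file under ProgramData.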
 
I have run OTL; also, regarding the redirections, they stopped after scanning with Malwarebytes. I believe the infected files are in quarantine in that program. Anyway, here are the logs from the OTL scan:

OTL logfile created on: 3/26/2011 12:07:23 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.87 Gb Total Space | 287.35 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

Computer Name: GAMING-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 00:05:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Downloads\OTL.exe
PRC - [2011/02/16 00:49:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/18 08:46:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/08/11 19:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
PRC - [2008/08/11 12:20:28 | 000,335,872 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
PRC - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 20:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/10 17:15:42 | 000,225,396 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/30 11:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/23 20:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/01/08 17:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 00:05:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Downloads\OTL.exe
MOD - [2011/02/15 18:16:11 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_net.m32
MOD - [2011/02/15 18:16:10 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_extra.m32
MOD - [2011/02/15 18:16:04 | 000,286,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_nt.m32
MOD - [2011/02/15 18:16:02 | 000,667,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_fragments.m32
MOD - [2011/02/15 18:16:02 | 000,155,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_base.m32
MOD - [2011/02/15 18:15:58 | 000,249,864 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\midas32.dll
MOD - [2011/02/15 18:15:58 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_registry.m32
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/12/08 20:03:42 | 000,116,224 | ---- | M] (BitDefender SRL) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\leaktests.m32


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 00:48:31 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011/02/16 00:44:16 | 002,613,744 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011/02/16 00:41:23 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2009/08/13 22:15:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/22 22:54:06 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/25 21:08:04 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/18 08:46:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/08 17:09:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2009/02/08 17:04:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe -- (Creative HOAL Licensing Service)
SRV - [2008/10/30 21:57:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/30 11:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/09 20:27:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/20 18:42:04 | 000,115,280 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV:64bit: - [2010/08/20 15:42:08 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV:64bit: - [2010/07/09 15:08:16 | 000,388,168 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/06/28 12:55:44 | 001,040,976 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf)
DRV:64bit: - [2010/06/28 12:55:38 | 000,692,816 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3)
DRV:64bit: - [2010/05/13 16:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bdfm.sys -- (BDFM)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\bdvedisk.sys -- (Bdvedisk)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/19 18:57:57 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/08/14 00:30:12 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/08 17:47:31 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MassDfu.sys -- (DFU)
DRV:64bit: - [2008/08/14 17:30:10 | 000,335,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2008/08/12 20:13:23 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/06/13 04:41:54 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/04/10 04:20:30 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/04/10 04:20:00 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/08 17:47:31 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]

IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.1.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/01/22 17:13:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 16:16:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 16:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/01/22 17:13:32 | 000,000,000 | ---D | M]

[2009/09/24 17:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/03/25 16:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions
[2010/05/01 03:25:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 03:25:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/08 14:47:07 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/12/06 20:52:13 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/09/27 01:10:48 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\searchtoolbar@zugo.com
[2010/10/11 18:56:27 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\smartbookmarksbar@remy.juteau
[2011/03/25 16:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2010/07/12 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2010/05/09 02:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/01 16:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 22:07:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 17:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BRAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2EL49ALO.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/25 23:09:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.184.64.2 4.2.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
[2011/03/25 22:41:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/25 22:41:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/25 22:41:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/25 22:41:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/25 22:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/25 22:40:46 | 000,000,000 | ---D | C] -- \Qoobox
[2011/03/25 22:40:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/25 22:40:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/25 22:40:23 | 000,000,000 | ---D | C] -- \32788R22FWJFW
[2011/03/24 18:57:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2011/03/24 18:56:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/24 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/24 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/24 18:56:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/24 18:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/24 17:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/20 12:19:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\FrostWire
[2011/03/20 12:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/03/20 03:03:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/03/17 16:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/03/17 16:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/03/09 00:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2011/02/27 02:14:42 | 000,000,000 | ---D | C] -- C:\RSII Rome-total war
[2011/02/27 02:14:42 | 000,000,000 | ---D | C] -- \RSII Rome-total war
[2011/02/26 23:00:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011/02/25 20:48:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Chromium

========== Files - Modified Within 30 Days ==========

[2011/03/25 23:39:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 23:09:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/25 22:37:05 | 004,302,838 | R--- | M] () -- C:\Users\Brad\Desktop\ComboFix.exe
[2011/03/25 22:36:38 | 000,808,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/25 22:36:38 | 000,676,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/25 22:36:38 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/25 22:32:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 22:30:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/03/25 22:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 22:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 22:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/25 22:30:08 | 3211,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 16:16:16 | 000,000,914 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/25 16:16:16 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/24 18:56:54 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 18:47:46 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/24 18:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\1578548090
[2011/03/23 23:35:02 | 000,014,336 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
[2011/03/22 21:35:07 | 000,000,022 | ---- | M] () -- C:\ProgramData\7438ab0a
[2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
[2011/03/20 12:19:24 | 000,001,066 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.4.lnk
[2011/03/20 12:19:24 | 000,001,042 | ---- | M] () -- C:\Users\Brad\Desktop\FrostWire 4.21.4.lnk
[2011/02/27 02:28:26 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Roma Surrectum II Launcher.lnk

========== Files Created - No Company Name ==========

[2011/03/25 22:41:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/25 22:41:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/25 22:41:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/25 22:41:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/25 22:41:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/25 22:35:47 | 004,302,838 | R--- | C] () -- C:\Users\Brad\Desktop\ComboFix.exe
[2011/03/25 16:16:16 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () --
[2011/03/24 18:56:54 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/21 18:57:02 | 000,000,022 | ---- | C] () -- C:\ProgramData\7438ab0a
[2011/03/21 18:36:40 | 000,001,185 | ---- | C] () -- C:\ProgramData\1422055281
[2011/03/21 18:36:25 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1961426013
[2011/03/20 20:09:13 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\1578548090
[2011/03/20 12:19:24 | 000,001,066 | ---- | C] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.4.lnk
[2011/03/20 12:19:24 | 000,001,042 | ---- | C] () -- C:\Users\Brad\Desktop\FrostWire 4.21.4.lnk
[2011/03/17 16:53:03 | 000,703,488 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2011/03/17 16:53:03 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2011/03/17 16:53:03 | 000,095,232 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2011/03/17 16:53:02 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/17 16:53:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/17 16:53:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/02/27 02:28:26 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Roma Surrectum II Launcher.lnk
[2011/01/22 18:14:53 | 000,000,090 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/07/12 09:57:47 | 004,194,322 | ---- | C] () -- \memory_map.tga
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/22 00:47:36 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/02/17 23:45:34 | 000,000,025 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\bdfvconp.ini
[2010/01/30 18:33:16 | 000,001,460 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps64.dat
[2009/12/20 20:18:51 | 000,001,306 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/09/24 17:43:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/17 00:24:38 | 000,014,336 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 18:37:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/09 18:37:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/09 18:36:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/12 16:02:27 | 000,001,039 | ---- | C] () -- C:\Windows\eReg.dat
[2009/01/10 17:26:18 | 000,214,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/01/10 17:25:55 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/01/10 17:25:55 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/01/06 23:32:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/01/04 05:37:33 | 000,786,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/28 01:54:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/30 22:02:53 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2008/10/30 22:02:53 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2008/10/30 22:02:53 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2008/10/30 22:02:53 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/10/30 21:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/30 21:48:48 | 3525,718,016 | -HS- | C] () --
[2008/09/19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/09 20:29:25 | 000,001,324 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2008/01/09 20:29:25 | 000,001,269 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2008/01/09 20:28:57 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/01/09 20:28:57 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/01/09 19:37:33 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/01/09 19:37:32 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008/01/09 19:34:38 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2007/12/06 03:53:48 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/01/22 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\BitDefender
[2010/04/13 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Canon
[2011/03/21 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\FrostWire
[2009/11/08 01:31:27 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\MusicNet
[2011/01/22 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\QuickScan
[2011/01/22 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Template
[2011/02/25 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\The Creative Assembly
[2011/03/20 03:12:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2011/03/25 16:39:31 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2011/03/25 16:39:28 | 000,121,943 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/01/09 19:37:33 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/25 23:26:06 | 000,026,692 | ---- | M] () -- C:\ComboFix.txt
[2011/03/25 22:30:08 | 3211,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/09 21:00:22 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/07/12 10:30:46 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2011/03/25 22:30:06 | 3525,718,016 | -HS- | M] () -- C:\pagefile.sys
[2008/10/30 22:09:29 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2008/01/09 20:22:29 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log
[2009/09/22 14:49:14 | 000,001,862 | ---- | M] () -- C:\tracert.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/09 18:57:28 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/15 01:31:54 | 000,000,286 | -HS- | M] () -- C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/25 22:37:05 | 004,302,838 | R--- | M] () -- C:\Users\Brad\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/11/27 19:03:02 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/11/27 19:02:28 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/12/27 19:47:37 | 000,000,402 | -HS- | M] () -- C:\Users\Brad\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
[2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
[2011/03/22 21:35:07 | 000,000,022 | ---- | M] () -- C:\ProgramData\7438ab0a
[2011/01/22 17:16:14 | 000,126,975 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/01/22 16:56:52 | 000,005,316 | ---- | M] () -- C:\ProgramData\search_result.xml

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DE65571A

< End of report >
 
OTL Extras logfile created on: 3/26/2011 12:07:23 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.87 Gb Total Space | 287.35 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

Computer Name: GAMING-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = B7 D0 6F 60 0D 01 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CAD7FE-68A4-475F-8B29-3C99B97A7341}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{09F8D613-5B6F-4A2F-94F5-80B79A1E110C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F5812D7-62EC-42EB-B7B6-5C163B7E6A10}" = rport=10243 | protocol=6 | dir=out | app=system |
"{118CF074-A3F1-42F7-9445-4B22346776F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16DAD898-FD4C-4DED-ACDB-6CD450EE8763}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1756FEC2-807F-4513-8AA1-BDD855C0EBCC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{17676599-0395-46AA-B231-5FB3807CDB19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{18EDAB3C-177B-43BB-BA78-AD8E2E107440}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D889E22-43F8-4D5E-A882-2C97C007117C}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F4D5191-F6D0-44AC-BFD7-13E60CB8EA3A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2302C42B-E258-4AF3-8529-899C7E9E0036}" = rport=137 | protocol=17 | dir=out | app=system |
"{324D58E0-F2F0-473E-BC77-B2893DDA044A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{399420AB-00AE-4E35-A14A-E6FB223050C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B8215CD-4892-4273-BDF8-F67903C1BB4C}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{3D4E1CE4-A759-4F35-B4CB-14D985B43756}" = rport=138 | protocol=17 | dir=out | app=system |
"{54CE298E-6EE0-476A-BDD1-DB9C088DE317}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60EBBDAD-67A8-4A8C-BDC4-30A425FB5B36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{625CDF63-3251-4E7C-9BFA-777B361307DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{82E1A692-4CE7-4990-9290-73A2FD70737A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91C7B99D-30D4-4A55-9351-DA519BDBCB94}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{950F76FE-0F4B-4672-B95E-D5D1CA7BDEE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{952F5118-8F80-44A7-9850-F10CE2AB3B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AEE8512-A9E2-4F3D-AD23-A80A419B2C34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E67EEA3-B3B0-4A17-BE11-FBE21BE0FEDD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B865BC56-4754-4B87-BDB8-8B37C5CB5B56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD471AA5-EFF0-444B-9C4F-2D5A43F5F4E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C0FD2849-4455-459A-A59D-77D11D7C6CBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{C83C18B2-E20E-4A2F-94A5-0A8CF5CD8A90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C914DE17-25F4-459D-97F3-B73613BEB632}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1F7AF78-12C5-417D-838B-6F99B157F52A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE40EF5A-450D-4C76-A44D-78A270FBE4DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F1E812AD-7DD5-46D2-995E-EC7C2F783474}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD99692E-40B6-4051-A4E9-A5425F601E7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077103D0-CE2F-48D8-BFEC-E1AF1D277F68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{09DDD87A-17C4-442C-B775-FC7840C9272A}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{0F022817-2717-45F6-80A5-BF9E49DB595E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12935D87-5E10-40A5-B2DC-42F617AE637F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13EB0188-5287-4CC4-81A2-32A707570A78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{192A9504-F86F-4251-9E1F-CFADF56C703B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1ED57B85-5A85-4FC0-93D9-1DCCE0956FD4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FD876E1-5AEA-4FC5-8A20-AC36A0909B84}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{228146BD-6B89-49DB-8789-BB1956EE73EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{28B5CF5D-3321-436D-98DE-B7711A681924}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F686A57-2CBD-4C3D-AB85-AB3A49746FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{30A66F3A-E39E-4E27-89CD-C3B57E49992B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{3177A52D-4B2B-4EA5-8818-E2DC3F11E5E1}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{3A1C69C5-1776-403F-900D-9C7611C324A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{3C184524-F56C-42F7-BAC3-265B89CC4897}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{45393F27-9258-424E-97D2-5735743C647C}" = dir=in | app=c:\windows\syswow64\htui32.exe |
"{483B322E-39C8-4CC9-AAE4-91B8FAAB2ED9}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{5C553EAB-7B12-4E72-A51F-228B03BB9627}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{5D29A5CE-45A9-4C9F-9E28-FC1214F35855}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5EDF22F5-FD7E-4FD0-973C-4EF6EFA56FA4}" = protocol=6 | dir=out | app=system |
"{6589F67F-49C6-4D59-99AA-12B3A58476B6}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{65BFD363-A0F6-4336-8633-7A817C2E2BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{68194C96-BF22-4BF8-8490-0D15B2DF5299}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{6837E46F-96AF-447F-9800-AC23A586885C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6994AC18-0247-490D-8FEF-0622723D69CA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6FCC72F5-FB37-4F3D-9196-C291FEFE0C03}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{712073FB-102C-4511-8C61-42E94A7A3B58}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{71617B10-95DC-4B3B-A129-DCF38DE6B08E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{71A94F8C-7CFF-4DFB-922D-EA1BD0D73A2B}" = dir=in | app=c:\windows\syswow64\htui32.exe |
"{71ED500F-2E00-4DD9-8883-23DBEADD6236}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{72147EBB-0F26-4EAA-9FA7-F813D39AE0F1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{72175200-CE64-4AEB-9BA8-059AFF5F9076}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{736D0B17-412C-418E-8992-70C0F8819C97}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{78CE9A28-46FF-4FF2-A21D-D804E2ED8E42}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{7CDB76DA-01D2-4DD3-80F2-8F1FF12361B4}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{7E484E9E-858E-4665-9152-281B4696D971}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{82139623-FBE9-4931-95CF-6D8BDC4C1E44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87B8A19C-0AA7-41BB-A08B-014FC428077C}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{892C127B-A10C-4198-9B19-A282E0A8292A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{8B44D02C-04F7-4A0C-AE5F-4DB46F344B55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E5F767B-F270-4D9D-BC68-02F378335D16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94D2042D-E51E-464D-806D-069E81FCCACA}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{9627BAC7-96CB-49F8-92F9-C6387046876D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99022F01-F258-47E2-B7F0-51C8416ED91F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E95F42A-1EBB-4AC6-B6B7-9713BF29B60A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A945518F-8DB5-45CB-8352-60E19A898BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A9FEB3FE-8E8F-4BFB-B457-E80E423E4CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{AA9751EC-6086-4E04-8143-C618AEA60C99}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{AD56B372-2A4D-4D74-8247-4783712E1B4B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B272C5CC-DFF2-4DA5-B7BE-5558ADD40C14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC906961-EB72-41ED-9726-1C3DB6AB6BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD387047-1658-4EC5-ACBD-953E3FC421EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C1399815-BC49-40E3-80E0-34E06FBA463B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{C78F1435-A33A-4BCE-9FF9-3AC2FF840E09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9F35F07-03C7-4990-A0F0-43CC6F0587BE}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{CAD1919A-850A-42D3-B064-5948FFF93AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{CBFD2284-A238-4591-B60F-53DA8C5210F5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{CC6962EC-13FD-4930-BE4A-99A9FCA6F875}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDA01406-8C5B-4E24-B951-1A54BFDD9812}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{CDF16877-A107-4A07-8381-E0A007CD5045}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{CFF70F50-629C-4066-B77C-44CAAE72D70C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{D1D8B19D-B899-4559-8F4C-008CEC1DC8C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8A96F57-8223-4F4A-84AF-EC271A294B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{DB9BFFD1-4776-456A-A093-399AB03BEE36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCC957FA-445E-4590-8605-06BA52E88C05}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{EB4FE387-089E-47B2-845E-EF09E65488B1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F628DD43-2BA6-4E87-9C74-D03A315E60DE}" = dir=in | app=c:\windows\syswow64\htui32.exe |
"{F63588FF-D3A0-4892-8507-0E721AD0D0AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F69E853B-812F-4441-97A5-5B117245E085}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{F750B49E-37D8-4966-82F5-ED84397017ED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FDE58C6C-6398-49F1-9823-5F990C891721}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{FFBA4D97-CBA3-476C-AE85-6CC2D7B60581}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{425F94D8-3DDF-4A0C-820C-A2EC0CE9B3D6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{518AF126-6F3F-4D32-AF24-8BFA91B5C76C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{7F9CB34A-64E2-4350-A799-A3C7702A993F}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{DF61BFFE-4AA7-48E9-B454-BCC6C5F5D877}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"TCP Query User{F6461F28-2064-483C-A27A-4686651BCFBF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{3D5E82D8-9351-4C0B-8B37-3810A424E4A9}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"UDP Query User{57DF07D4-0B15-46E1-BC2A-1E5236C0581C}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{600A17F6-E3C0-4AB3-815F-2DFDA639C2AB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{EB36B43C-5319-4CEB-972A-A2DA5BE17660}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{F0FF4EC0-229B-4215-A432-BAD18E189EE2}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A2935F1-137E-454C-B4F8-C379709449E9}" = BitDefender Total Security 2011
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"BitDefender" = BitDefender Total Security 2011
"Explorer Suite_is1" = Explorer Suite III
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC210CF-1637-4125-A1CB-A8E04E9B0B37}" = Aion
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7E99FEB-A620-40B0-9B37-4410738B351E}" = Sound Blaster X-Fi MB
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"bearsharetb" = MediaBar
"Canon MP240 series User Registration" = Canon MP240 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CRI-Squad-Alpha-0.9.3.5" = CRI-Squad-Alpha-0.9.3.5
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.10.3
"FrostWire" = FrostWire 4.21.4
"Game Booster_is1" = Game Booster
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Search Toolbar" = Search Toolbar
"Sins of a Solar Empire" = Sins of a Solar Empire
"Steam App 10500" = Empire: Total War
"Steam App 10600" = Empire: Total War - Special Forces Unit
"Steam App 22380" = Fallout: New Vegas
"Steam App 34350" = Total War: SHOGUN 2 Demo
"SysInfo" = Creative System Information
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.0" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"DarthMod Ultimate Commander Edition " = DarthMod Ultimate Commander Edition
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Fixes" = Dragon Age Redesigned Fixes
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"Dragon Age Redesigned© Sten" = Dragon Age Redesigned© Sten
"Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2009 3:48:45 PM | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/25/2011 10:10:53 AM | Computer Name = Gaming-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 002268384455 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/25/2011 10:34:59 AM | Computer Name = Gaming-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 002268384455 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/25/2011 10:56:08 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/25/2011 11:05:52 PM | Computer Name = Gaming-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/25/2011 11:09:53 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
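The firewall-rule block in the OTL report above is long, and the entries worth a second look are the few that allow an inbound connection for any protocol to a binary sitting in a writable profile directory or carrying a .tmp extension. As an added example that is not part of this thread or of OTL, the script below parses lines in OTL's firewall-rule format and flags those patterns; the sample lines are copied from the report above, and the path heuristics are an assumption of this example, not an OTL feature.

```python
"""Triage OTL firewall-rule lines for risky inbound allow rules.

Added example (not part of the forum thread or of OTL). It parses the
"Firewall Rules" lines OTL prints, in the form
    "{GUID}" = protocol=6 | dir=in | app=c:\\path\\prog.exe |
and flags the rules a responder would want to read first.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the report above, including
# the two that point at a .tmp "executable" and one with no protocol limit.
SAMPLE_RULES = r'''
"{AD56B372-2A4D-4D74-8247-4783712E1B4B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1399815-BC49-40E3-80E0-34E06FBA463B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{C78F1435-A33A-4BCE-9FF9-3AC2FF840E09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDA01406-8C5B-4E24-B951-1A54BFDD9812}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{F628DD43-2BA6-4E87-9C74-D03A315E60DE}" = dir=in | app=c:\windows\syswow64\htui32.exe |
"{F750B49E-37D8-4966-82F5-ED84397017ED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{425F94D8-3DDF-4A0C-820C-A2EC0CE9B3D6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
'''

# "name" = body, where body is a '|'-separated list of key=value pairs.
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Heuristic (assumed for this example): services and games do not normally
# run from profile/temp directories, and a firewall "program" should be .exe.
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
NON_EXE_SUFFIXES = (".tmp", ".dat", ".bin")


@dataclass
class Rule:
    name: str
    fields: dict
    reasons: list = field(default_factory=list)


def parse_rule(line):
    """Parse one OTL firewall-rule line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
    return Rule(m.group("name"), fields)


def assess(rule):
    """Attach a reason for every heuristic the rule trips (inbound only)."""
    f = rule.fields
    app = f.get("app", "")
    if f.get("dir") != "in":
        return rule  # outbound rules are lower priority for this triage
    if "protocol" not in f:
        rule.reasons.append("inbound rule with no protocol restriction")
    if any(hint in app for hint in WRITABLE_HINTS):
        rule.reasons.append("binary lives in a user-writable location")
    if app.endswith(NON_EXE_SUFFIXES):
        rule.reasons.append("program path does not end in .exe")
    return rule


def triage(text):
    """Return the rules that earned at least one reason, in input order."""
    flagged = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        assess(rule)
        if rule.reasons:
            flagged.append(rule)
    return flagged


if __name__ == "__main__":
    for r in triage(SAMPLE_RULES):
        print(r.name)
        for why in r.reasons:
            print("   -", why)
```

The two f7fc.tmp rules trip all three heuristics and htui32.exe trips the protocol one; the uTorrent and World of Warcraft rules are inbound too but pass, which is the point of scoring reasons rather than just listing inbound rules.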
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DE65571A
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
I have followed those steps; I have the OTL and checkup logs; Eset didn't produce any log.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\Windows\Updreg.EXE moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:DE65571A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 156879 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 45201802 bytes
->Flash cache emptied: 2099 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 268 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 219534 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


[EMPTYFLASH]

User: All Users

User: Brad
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03262011_004908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

BitDefender BitDefender 2011 vsserv.exe
BitDefender BitDefender 2011 bdagent.exe
BitDefender BitDefender 2011 updatesrv.exe
BitDefender BitDefender 2011 pchooklaunch64.exe
BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe
BitDefender BitDefender 2011 downloader.exe
``````````End of Log````````````
 
Uninstall:
Java(TM) 6 Update 3
Java(TM) 6 Update 5


======================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UN-check the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar, or other garbage.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
I've run into a problem. I removed Java 6 Update 5 just fine, but when I try to uninstall Java 6 Update 3 I keep getting error 1719, "Windows Installer service could not be accessed".
 
I have run the reset-System-Restore OTL fix; here is the log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 292177 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53797284 bytes
->Flash cache emptied: 1057 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66423 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 232216 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb


[EMPTYFLASH]

User: All Users

User: Brad
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 03262011_144815

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
My computer seems to be running great again. I haven't had any misdirections since Malwarebytes first quarantined those files, BitDefender is no longer identifying the virus it was before, and everything seems to be good. I downloaded and ran the processes you recommended and am defragging atm; hopefully all will continue to be well. Thank you very much for the help; this redirection virus really had me at a loss, so I really appreciate the help.
 