TechSpot

Search/Firefox redirection virus

By Vesp08
Mar 25, 2011
  1. Hello, recently it seems I've gotten the so-called "Google search virus," in which my searches via Yahoo and/or Bing have been redirected to random websites, along with those same random websites occasionally showing up without a search redirect. I have followed the 8-step preliminary removal and have all logs except GMER to include; this is due to running the 64-bit version of Windows Vista and not being able to produce a log with that program.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6161

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/24/2011 7:04:19 PM
    mbam-log-2011-03-24 (19-04-19).txt

    Scan type: Quick scan
    Objects scanned: 167738
    Time elapsed: 4 minute(s), 13 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 9

    Memory Processes Infected:
    c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> 2884 -> Unloaded process successfully.
    c:\programdata\kbdintel32.exe (Trojan.Tracur.S) -> 2984 -> Unloaded process successfully.
    c:\Users\Brad\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> 4876 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\378194794 (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\Users\Brad\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\SysWOW64\htui32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\programdata\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Users\Brad\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\htui32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\KBDIR32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\kbdintel32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\KBDIR32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Brad at 10:28:21.02 on Fri 03/25/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1655 [GMT -4:00]
    .
    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agr64svc.exe
    C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
    C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\MHotKey.exe
    C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
    C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\RAVCpl64.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
    C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ChiFuncExt.exe
    C:\Windows\ModLedKey.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\BitDefender\BitDefender 2011\downloader.exe
    C:\Users\Brad\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mWinlogon: Userinit=userinit.exe,
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [PlayNC Launcher]
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [Spyware Doctor with AntiVirus] C:\Users\Brad\Desktop\sdasetup.exe -min
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [LedKey] CNYHKey.exe
    mRun: [eRecoveryService]
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
    dRunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTC~1.LNK - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTL~1.LNK - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    mRun-x64: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
    mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
    mRun-x64: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll
    FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com
    FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2011\bdaphffext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]
    R1 Bdvedisk;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]
    R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-12-6 53224]
    R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-5-13 162896]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2008-9-30 316544]
    R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2008-1-9 28160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RTS5121.sys [2008-10-30 204288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
    S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-2-8 79360]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-1-9 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-1-9 79360]
    S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-2-8 79360]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 DFU;DFU;C:\Windows\System32\drivers\MassDfu.sys [2009-2-8 14592]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2009-2-8 28160]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-10-11 467248]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2010-6-28 692816]
    S4 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2010-6-28 1040976]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-9 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-03-25 05:14:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
    2011-03-25 05:14:26 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-25 05:14:26 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-03-25 05:14:26 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2011-03-25 05:14:26 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-03-24 22:57:01 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
    2011-03-24 22:56:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-24 22:56:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-24 22:56:51 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-24 22:56:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-24 21:56:28 -------- d-----w- C:\PROGRA~3\PC Tools
    2011-03-23 23:18:13 2425344 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-23 23:18:13 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-23 23:18:12 731136 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-23 23:18:12 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-23 23:17:15 559616 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-23 23:17:14 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-23 23:17:14 416768 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-23 23:17:14 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-23 23:17:13 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-23 23:17:13 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-23 23:17:12 210944 ----a-w- C:\Windows\System32\sbeio.dll
    2011-03-23 23:17:12 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
    2011-03-21 22:36:40 -------- d-sh--w- C:\PROGRA~3\SysWoW32
    2011-03-21 22:36:25 203776 --sh--w- C:\PROGRA~3\unrar.exe
    2011-03-20 16:19:51 -------- d-----w- C:\Users\Brad\FrostWire
    2011-03-20 07:03:44 -------- d-----w- C:\Users\Brad\AppData\Roaming\uTorrent
    2011-03-17 20:53:03 95232 ----a-w- C:\Windows\System32\xvid.ax
    2011-03-17 20:53:03 703488 ----a-w- C:\Windows\System32\xvidcore.dll
    2011-03-17 20:53:03 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2011-03-17 20:53:02 79360 ----a-w- C:\Windows\SysWow64\xvid.ax
    2011-03-17 20:53:02 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-03-17 20:53:02 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-03-17 20:53:02 -------- d-----w- C:\Program Files (x86)\Xvid
    2011-03-12 16:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 16:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 04:14:15 -------- d-----w- C:\PROGRA~3\bdch
    2011-03-08 01:14:01 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2011-03-08 01:14:01 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2011-02-27 06:14:42 -------- d-----w- C:\RSII Rome-total war
    2011-02-27 03:00:07 -------- d--h--w- C:\PROGRA~3\CanonIJEGV
    2011-02-26 00:48:14 -------- d-----w- C:\Users\Brad\AppData\Local\Chromium
    .
    ==================== Find3M ====================
    .
    2011-02-16 04:40:57 102712 ----a-w- C:\Windows\System32\drivers\bdhv.sys
    2011-01-22 21:16:14 126975 ----a-w- C:\PROGRA~3\bdinstall.bin
    2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-20 16:17:15 366592 ------w- C:\Windows\System32\winspool.drv
    2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
    2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
    2011-01-20 16:16:52 327680 ------w- C:\Windows\System32\d3d10_1core.dll
    2011-01-20 16:16:52 196096 ------w- C:\Windows\System32\d3d10_1.dll
    2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
    2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
    2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
    2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
    2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
    2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
    2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
    2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
    2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
    2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
    2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
    2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
    2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
    2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
    2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
    2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
    2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 10:30:59.01 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/30/2008 9:57:48 PM
    System Uptime: 3/25/2011 9:56:01 AM (1 hours ago)
    .
    Motherboard: Gateway | | TBGM01
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2667/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 689 GiB total, 286.181 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3
    Aion
    Apple Application Support
    Apple Software Update
    Barbarian Invasion
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield 2(TM)
    Battlefield 2142 Deluxe Edition
    Borderlands
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Canon MP Navigator EX 2.0
    Canon MP240 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Compatibility Pack for the 2007 Office system
    Creative ALchemy
    Creative ALchemy (X-Fi Edition)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Creative USB Headsets
    CRI-Squad-Alpha-0.9.3.5
    Curse Client
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    DarthMod Ultimate Commander Edition
    DarthMod Ultimate Commander Edition
    Dragon Age Awakening Redesigned
    Dragon Age Awakening Velanna Redesigned©
    Dragon Age Redesigned © Morrigan
    Dragon Age Redesigned Fixes
    Dragon Age Redesigned Oghren©
    Dragon Age Redesigned©
    Dragon Age Redesigned© Zevran
    Dragon Age Redesigned© Leliana
    Dragon Age Redesigned© Sten
    Dragon Age Redesigned© Wynne
    Dragon Age: Origins
    EA Download Manager
    Empire: Total War
    Empire: Total War - Special Forces Unit
    Fallout 3
    Fallout 3 - The Garden of Eden Creation Kit
    Fallout Mod Manager 0.10.3
    Fallout: New Vegas
    FrostWire 4.21.4
    Game Booster
    GameSpy Comrade
    Gateway Games
    Gateway Recovery Management
    GEAR driver installer for x86 and x64
    GearDrvs
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grand Theft Auto IV
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Inkjet Printer/Scanner Extended Survey Program
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    KB0817 Keyboard Driver
    Malwarebytes' Anti-Malware
    MediaBar
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SOAP Toolkit 3.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Mozilla Firefox (3.6.15)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCsoft Launcher
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PunkBuster for Battlefield 1942
    PunkBuster Services
    QuickTime
    Realtek Card Reader
    Rome - Total War
    Search Toolbar
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Segoe UI
    Sins of a Solar Empire
    SmartCopy
    SmartLauncher
    Sound Blaster X-Fi MB
    Spelling Dictionaries Support For Adobe Reader 8
    Steam
    Total War: SHOGUN 2 Demo
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Warhammer Online - Age of Reckoning
    WebEx Support Manager for Internet Explorer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    World of Warcraft
    Xvid Video Codec
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    The GMER issue has nothing to do with 64-bit Windows.
    If GMER doesn't find any changes, it won't produce a log.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Vesp08

    Vesp08 TS Rookie Topic Starter

    OK, I have run ComboFix and here is the report:

    ComboFix 11-03-25.01 - Brad 03/25/2011 22:48:28.1.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1798 [GMT -4:00]
    Running from: c:\users\Brad\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~3\Microsoft\Network\Downloader\qmgr0.dat
    c:\progra~3\Microsoft\Network\Downloader\qmgr1.dat
    c:\progra~3\SysWoW32
    c:\progra~3\SysWoW32\mu2128803415v4
    c:\progra~3\SysWoW32\mu2128803415v4.kwd
    c:\progra~3\SysWoW32\mu2128803415v5
    c:\progra~3\SysWoW32\mu2128803415v5.kwd
    c:\progra~3\SysWoW32\mu2128803415v6
    c:\progra~3\SysWoW32\mu2128803415v6.kwd
    c:\progra~3\SysWoW32\mu2128803415v7
    c:\progra~3\SysWoW32\mu2128803415v7.kwd
    c:\progra~3\SysWoW32\wu2128803415v0
    c:\progra~3\SysWoW32\wu2128803415v0.kwd
    c:\progra~3\SysWoW32\wu2128803415v1
    c:\progra~3\SysWoW32\wu2128803415v1.kwd
    c:\progra~3\SysWoW32\wu2128803415v2
    c:\progra~3\SysWoW32\wu2128803415v2.kwd
    c:\progra~3\SysWoW32\wu2128803415v3
    c:\progra~3\SysWoW32\wu2128803415v3.kwd
    c:\progra~3\unrar.exe
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\users\Brad\AppData\Roaming\.#
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://ads1.msads.net
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-26 03:09 . 2011-03-26 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-26 03:09 . 2011-03-26 03:09 -------- d-----w- c:\users\Brad\AppData\Local\temp
    2011-03-25 20:16 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-25 20:16 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-25 20:16 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-25 20:16 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-25 20:16 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-25 20:16 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-25 20:16 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-25 20:16 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-25 05:14 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-25 05:14 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-25 05:14 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-03-25 05:14 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-25 05:14 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-03-24 22:57 . 2011-03-24 22:57 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
    2011-03-24 22:56 . 2011-03-24 22:56 -------- d-----w- c:\progra~3\Malwarebytes
    2011-03-24 22:56 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-24 22:56 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-24 22:56 . 2011-03-24 22:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-24 21:56 . 2011-03-24 21:56 -------- d-----w- c:\progra~3\PC Tools
    2011-03-23 23:18 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-23 23:18 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-23 23:18 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-23 23:18 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-23 23:17 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-23 23:17 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-23 23:17 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-23 23:17 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-23 23:17 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-23 23:17 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-23 23:17 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-23 23:17 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-20 16:19 . 2011-03-20 16:20 -------- d-----w- c:\users\Brad\FrostWire
    2011-03-20 07:03 . 2011-03-20 07:12 -------- d-----w- c:\users\Brad\AppData\Roaming\uTorrent
    2011-03-17 20:53 . 2011-02-22 19:40 95232 ----a-w- c:\windows\system32\xvid.ax
    2011-03-17 20:53 . 2011-02-22 19:39 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-17 20:53 . 2011-02-22 19:38 703488 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-17 20:53 . 2011-03-17 20:53 -------- d-----w- c:\program files (x86)\Xvid
    2011-03-17 20:53 . 2011-02-22 19:39 79360 ----a-w- c:\windows\SysWow64\xvid.ax
    2011-03-17 20:53 . 2011-02-22 19:39 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-03-17 20:53 . 2011-02-22 19:37 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 04:14 . 2011-03-09 04:14 -------- d-----w- c:\progra~3\bdch
    2011-03-08 01:14 . 2011-01-06 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-03-08 01:14 . 2011-01-06 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-02-27 06:14 . 2011-02-27 06:15 -------- d-----w- C:\RSII Rome-total war
    2011-02-27 03:00 . 2011-02-27 03:00 -------- d--h--w- c:\progra~3\CanonIJEGV
    2011-02-26 00:48 . 2011-02-26 00:48 -------- d-----w- c:\users\Brad\AppData\Local\Chromium
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-09 02:36 . 2010-06-24 15:33 18328 ----a-w- c:\progra~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-16 04:40 . 2010-05-13 20:52 102712 ----a-w- c:\windows\system32\drivers\bdhv.sys
    2011-01-22 21:16 . 2011-01-22 04:11 126975 ----a-w- c:\progra~3\bdinstall.bin
    2011-01-20 16:46 . 2011-02-19 22:04 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-19 22:04 366592 ------w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-19 22:04 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-19 22:04 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-19 22:04 327680 ------w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-19 22:04 196096 ------w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-19 22:04 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-19 22:04 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-19 22:04 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-19 22:04 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-19 22:04 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-19 22:04 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-19 22:04 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-19 22:04 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-19 22:04 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-19 22:04 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-19 22:04 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:08 . 2011-02-19 22:04 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:07 . 2011-02-19 22:04 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-19 22:04 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-19 22:04 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-19 22:04 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-19 22:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:01 . 2011-02-19 22:04 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-19 22:04 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-19 22:04 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-19 22:04 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-19 22:04 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-19 22:04 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-19 22:04 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-19 22:04 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-19 22:04 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-19 22:04 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-19 22:04 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-19 22:04 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-19 22:04 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-19 22:04 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-19 22:04 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-19 22:04 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-19 22:04 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-19 22:04 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-19 22:04 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-19 22:04 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-19 22:04 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-19 22:04 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-19 22:04 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:47 . 2011-02-19 22:04 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-13 10:20 . 2011-01-22 01:53 7844688 ----a-w- c:\progra~3\Microsoft\Windows Defender\Definition Updates\{9D13924F-173C-4FF4-8A8C-D68364DF9A1A}\mpengine.dll
    2011-01-08 09:03 . 2011-02-19 21:57 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-19 21:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-19 21:57 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-19 21:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 14:16 . 2011-02-19 21:54 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-20 01:15 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-20 01:15 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
    2009-08-10 14:06 91576 ------w- c:\program files (x86)\BearShareTb\BearShareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files (x86)\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
    .
    [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-07-10 225396]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
    "LedKey"="CNYHKey.exe" [2008-04-24 339968]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-02-16 71216]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "StartMSu"="c:\program files (x86)\Creative\MediaSource5\Startmsu.exe" [2006-10-02 81920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2008-10-30 319488]
    SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2008-10-30 335872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-02-08 79360]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-10-31 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-10 79360]
    R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-02-08 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 DFU;DFU;c:\windows\system32\drivers\MassDfu.sys [2009-02-08 14592]
    R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
    S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-02-16 53224]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
    S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:59]
    .
    2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-02-16 76360]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-02-16 2008640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKCU-Run-Spyware Doctor with AntiVirus - c:\users\Brad\Desktop\sdasetup.exe
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-eRecoveryService - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-Skytel - Skytel.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\Software\SecuROM\License information*]
    "datasecu"=hex:98,dd,e8,1f,5b,4d,31,97,96,bd,f2,ac,2d,92,48,c0,b4,b0,78,1e,56,
    bd,86,ca,80,0a,8d,cf,82,70,bf,c2,45,16,ab,50,96,7c,cf,26,9b,e5,5b,e1,15,df,\
    "rkeysecu"=hex:b0,23,45,a0,be,86,b6,c3,34,c8,4a,39,79,40,4c,30
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-03-25 23:25:56
    ComboFix-quarantined-files.txt 2011-03-26 03:25
    .
    Pre-Run: 308,224,270,336 bytes free
    Post-Run: 308,483,801,088 bytes free
    .
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - BEA922EE9160F887DC861511DF2F2DF8
     
  4. Broni

    Broni, Malware Annihilator

    Looks good.
    How is the redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
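    The custom-scan list above is less arbitrary than it looks: almost every line names a place where a dropper plants files so that a default scan misses them, for instance executables in folders that only ever hold data (Fonts, inf, Installer, AppPatch), folders that imitate real system folders (system32\system32, systhem32, winn32, system32\DLL), .exe names with an embedded space under system32 (the two `dir ... | find /i " " /c` lines count exactly those), and a .scr dropped straight into %systemroot%. The script below is an added example, not part of this thread and not OldTimer's OTL code: it applies those same heuristics to a directory tree standing in for %systemroot%, and separately lists hosts-file lines that override a search engine's name, which is one common cause of the search redirection the thread is about. The folder categories, sample file names and hosts entries are constructed for the example; 203.0.113.5 is a documentation address, not an indicator from this case.

```python
"""Added example: OTL-style hiding-place triage over a stand-in %systemroot%."""
import os
import shutil
import tempfile

# Extensions a dropper plants (assumption: PE images plus screensavers).
EXECUTABLE_EXT = {".exe", ".dll", ".com", ".scr", ".sys", ".ocx"}

# Top-level folders that hold data only; mirrors the Fonts\*.exe, inf\*.exe,
# Installer\*.exe and AppPatch\*.exe lines of the scan list.
NO_EXE_DIRS = {"fonts", "inf", "installer", "apppatch", "repair"}

# Folders absent from a clean install and used as hiding places; mirrors
# system32\system32, systhem32, winn32, system32\DLL, rundll, rundll32 ...
# (lower-case, forward-slash form for matching).
LOOKALIKE_DIRS = {
    "system32/system32", "system32/systhem32", "system32/dll",
    "system32/rundll", "system32/rundll32", "system32/test",
    "system32/helpfiles", "winn32",
}


def _rel(root: str, path: str) -> str:
    """Path relative to root with forward slashes ('' for root itself)."""
    rel = os.path.relpath(path, root)
    return "" if rel == "." else rel.replace(os.sep, "/")


def triage(root: str) -> list[tuple[str, str]]:
    """Walk a tree standing in for %systemroot%; return sorted
    (reason, relative_path) findings for the scan-list heuristics."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel = _rel(root, dirpath)
        low = rel.lower()
        if low in LOOKALIKE_DIRS:
            findings.append(("look-alike system folder", rel))
        top = low.split("/", 1)[0]
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            rel_file = f"{rel}/{name}" if rel else name
            if top in NO_EXE_DIRS and ext in EXECUTABLE_EXT:
                findings.append(("executable in a data-only folder", rel_file))
            # dir /b "%systemroot%\system32\*.exe" | find /i " " /c
            if low == "system32" and ext == ".exe" and " " in name:
                findings.append(("space in an exe name under system32", rel_file))
            if low == "" and ext == ".scr":  # %systemroot%\*.scr
                findings.append((".scr dropped in the %systemroot% root", rel_file))
    return sorted(findings)


def hosts_overrides(hosts_text: str) -> list[tuple[str, str]]:
    """Return (ip, hostname) pairs other than the standard loopback lines;
    a search-redirect victim often has search engines mapped elsewhere."""
    out = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if ip in {"127.0.0.1", "::1"} and name.lower() == "localhost":
                continue
            out.append((ip, name))
    return out


SAMPLE_FILES = [  # constructed; relative to the fake %systemroot%
    "system32/kernel32.dll",        # legitimate
    "system32/drivers/etc/hosts",   # legitimate
    "Fonts/arial.ttf",              # legitimate
    "inf/setupapi.inf",             # legitimate
    "Fonts/update32.exe",           # executable where none belongs
    "system32/system32/svchost.exe",  # look-alike folder
    "system32/svc host.exe",        # embedded space in an exe name
    "ssupdate.scr",                 # screensaver dropped in the root
]

SAMPLE_HOSTS = """# constructed sample, not the thread's hosts file
127.0.0.1 localhost
::1 localhost
203.0.113.5 www.google.com
203.0.113.5 search.yahoo.com
"""


def build_sample_tree() -> str:
    """Create a throw-away directory populated with SAMPLE_FILES."""
    root = tempfile.mkdtemp(prefix="fake_systemroot_")
    for rel in SAMPLE_FILES:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"placeholder")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for reason, path in triage(root):
            print(f"{reason:40} {path}")
        for ip, host in hosts_overrides(SAMPLE_HOSTS):
            print(f"hosts override: {host} -> {ip}")
    finally:
        shutil.rmtree(root)
```

    Run as-is it reports the four planted anomalies and the two hosts overrides from the constructed data. To triage a real box, point `triage()` at a mounted image or at C:\Windows (it only reads) and feed the contents of %systemroot%\System32\drivers\etc\hosts to `hosts_overrides()`; the heuristics are deliberately the cheap, high-signal ones from the scan list, so a clean hit list is evidence, not proof, and a non-empty one still needs each path looked at by hand.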
     
  5. Vesp08

    Vesp08 TS Rookie Topic Starter

    I have run OTL; also, regarding the redirections, they stopped after scanning with Malwarebytes. I believe the infected files are in quarantine in that program. Anyway, here are the logs from the OTL scan:

    OTL logfile created on: 3/26/2011 12:07:23 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 688.87 Gb Total Space | 287.35 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

    Computer Name: GAMING-PC | User Name: Brad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/26 00:05:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Downloads\OTL.exe
    PRC - [2011/02/16 00:49:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
    PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/09/18 08:46:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2008/08/11 19:57:02 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
    PRC - [2008/08/11 12:20:28 | 000,335,872 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    PRC - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 20:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/07/10 17:15:42 | 000,225,396 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
    PRC - [2008/04/30 11:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/04/23 20:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
    PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
    PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/01/08 17:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/26 00:05:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Downloads\OTL.exe
    MOD - [2011/02/15 18:16:11 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_net.m32
    MOD - [2011/02/15 18:16:10 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_extra.m32
    MOD - [2011/02/15 18:16:04 | 000,286,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_nt.m32
    MOD - [2011/02/15 18:16:02 | 000,667,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_fragments.m32
    MOD - [2011/02/15 18:16:02 | 000,155,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_base.m32
    MOD - [2011/02/15 18:15:58 | 000,249,864 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\midas32.dll
    MOD - [2011/02/15 18:15:58 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\plugin_registry.m32
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/12/08 20:03:42 | 000,116,224 | ---- | M] (BitDefender SRL) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00065_003\leaktests.m32


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/16 00:48:31 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2011/02/16 00:44:16 | 002,613,744 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2011/02/16 00:41:23 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (UPDATESRV)
    SRV:64bit: - [2009/08/13 22:15:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/07/22 22:54:06 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/02/25 21:08:04 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/09/18 08:46:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/08 17:09:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
    SRV - [2009/02/08 17:04:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe -- (Creative HOAL Licensing Service)
    SRV - [2008/10/30 21:57:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/04/30 11:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/01/09 20:27:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/20 18:42:04 | 000,115,280 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
    DRV:64bit: - [2010/08/20 15:42:08 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
    DRV:64bit: - [2010/07/09 15:08:16 | 000,388,168 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2010/06/28 12:55:44 | 001,040,976 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf)
    DRV:64bit: - [2010/06/28 12:55:38 | 000,692,816 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3)
    DRV:64bit: - [2010/05/13 16:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bdfm.sys -- (BDFM)
    DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\bdvedisk.sys -- (Bdvedisk)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/19 18:57:57 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/08/14 00:30:12 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/02/08 17:47:31 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MassDfu.sys -- (DFU)
    DRV:64bit: - [2008/08/14 17:30:10 | 000,335,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys -- (RTL8187Se)
    DRV:64bit: - [2008/08/12 20:13:23 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/06/13 04:41:54 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV:64bit: - [2008/04/10 04:20:30 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
    DRV:64bit: - [2008/04/10 04:20:00 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV - [2009/02/08 17:47:31 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
    DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
    DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]

    IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 5D 2A 06 39 6F BC 49 A2 5D 05 5B B1 E2 6E D2 [binary data]
    IE - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.1.9
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="


    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/01/22 17:13:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 16:16:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 16:16:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/01/22 17:13:32 | 000,000,000 | ---D | M]

    [2009/09/24 17:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
    [2011/03/25 16:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions
    [2010/05/01 03:25:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/01 03:25:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/11/08 14:47:07 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
    [2010/12/06 20:52:13 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/09/27 01:10:48 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\searchtoolbar@zugo.com
    [2010/10/11 18:56:27 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\2el49alo.default\extensions\smartbookmarksbar@remy.juteau
    [2011/03/25 16:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/07/12 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
    [2010/07/12 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
    [2010/05/09 02:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/01 16:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 22:07:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/01 17:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\BRAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2EL49ALO.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/03/25 23:09:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShareTb\BearShareDx.dll ()
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
    O3:64bit: - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
    O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.184.64.2 4.2.2.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/25 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
    [2011/03/25 22:41:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/25 22:41:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/25 22:41:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/25 22:41:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/25 22:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/25 22:40:46 | 000,000,000 | ---D | C] -- \Qoobox
    [2011/03/25 22:40:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/25 22:40:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/25 22:40:23 | 000,000,000 | ---D | C] -- \32788R22FWJFW
    [2011/03/24 18:57:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
    [2011/03/24 18:56:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/24 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/24 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/24 18:56:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/24 18:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/24 17:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/03/20 12:19:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\FrostWire
    [2011/03/20 12:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
    [2011/03/20 03:03:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
    [2011/03/17 16:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
    [2011/03/17 16:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
    [2011/03/09 00:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
    [2011/02/27 02:14:42 | 000,000,000 | ---D | C] -- C:\RSII Rome-total war
    [2011/02/27 02:14:42 | 000,000,000 | ---D | C] -- \RSII Rome-total war
    [2011/02/26 23:00:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
    [2011/02/25 20:48:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Chromium

    ========== Files - Modified Within 30 Days ==========

    [2011/03/25 23:39:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/25 23:09:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/25 22:37:05 | 004,302,838 | R--- | M] () -- C:\Users\Brad\Desktop\ComboFix.exe
    [2011/03/25 22:36:38 | 000,808,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/25 22:36:38 | 000,676,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/25 22:36:38 | 000,133,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/25 22:32:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/25 22:30:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2011/03/25 22:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 22:30:18 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 22:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/25 22:30:08 | 3211,968,512 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/25 16:16:16 | 000,000,914 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/25 16:16:16 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/03/24 18:56:54 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/24 18:47:46 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/24 18:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\1578548090
    [2011/03/23 23:35:02 | 000,014,336 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
    [2011/03/22 21:35:07 | 000,000,022 | ---- | M] () -- C:\ProgramData\7438ab0a
    [2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
    [2011/03/20 12:19:24 | 000,001,066 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.4.lnk
    [2011/03/20 12:19:24 | 000,001,042 | ---- | M] () -- C:\Users\Brad\Desktop\FrostWire 4.21.4.lnk
    [2011/02/27 02:28:26 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Roma Surrectum II Launcher.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/25 22:41:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/25 22:41:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/25 22:41:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/25 22:41:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/25 22:41:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/25 22:35:47 | 004,302,838 | R--- | C] () -- C:\Users\Brad\Desktop\ComboFix.exe
    [2011/03/25 16:16:16 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () --
    [2011/03/24 18:56:54 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/21 18:57:02 | 000,000,022 | ---- | C] () -- C:\ProgramData\7438ab0a
    [2011/03/21 18:36:40 | 000,001,185 | ---- | C] () -- C:\ProgramData\1422055281
    [2011/03/21 18:36:25 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1961426013
    [2011/03/20 20:09:13 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\1578548090
    [2011/03/20 12:19:24 | 000,001,066 | ---- | C] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.4.lnk
    [2011/03/20 12:19:24 | 000,001,042 | ---- | C] () -- C:\Users\Brad\Desktop\FrostWire 4.21.4.lnk
    [2011/03/17 16:53:03 | 000,703,488 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
    [2011/03/17 16:53:03 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
    [2011/03/17 16:53:03 | 000,095,232 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
    [2011/03/17 16:53:02 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/17 16:53:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/03/17 16:53:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
    [2011/02/27 02:28:26 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Roma Surrectum II Launcher.lnk
    [2011/01/22 18:14:53 | 000,000,090 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/07/12 09:57:47 | 004,194,322 | ---- | C] () -- \memory_map.tga
    [2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
    [2010/06/22 00:47:36 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2010/02/17 23:45:34 | 000,000,025 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\bdfvconp.ini
    [2010/01/30 18:33:16 | 000,001,460 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps64.dat
    [2009/12/20 20:18:51 | 000,001,306 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009/09/24 17:43:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/08/17 00:24:38 | 000,014,336 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/09 18:37:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/07/09 18:37:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/07/09 18:36:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/01/12 16:02:27 | 000,001,039 | ---- | C] () -- C:\Windows\eReg.dat
    [2009/01/10 17:26:18 | 000,214,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2009/01/10 17:25:55 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2009/01/10 17:25:55 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/01/06 23:32:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2009/01/04 05:37:33 | 000,786,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2008/12/28 01:54:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/10/30 22:02:53 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
    [2008/10/30 22:02:53 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
    [2008/10/30 22:02:53 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
    [2008/10/30 22:02:53 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
    [2008/10/30 21:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/10/30 21:48:48 | 3525,718,016 | -HS- | C] () --
    [2008/09/19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
    [2008/09/19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/09 20:29:25 | 000,001,324 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
    [2008/01/09 20:29:25 | 000,001,269 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
    [2008/01/09 20:28:57 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2008/01/09 20:28:57 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2008/01/09 19:37:33 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
    [2008/01/09 19:37:32 | 000,333,257 | RHS- | C] () -- \bootmgr
    [2008/01/09 19:34:38 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2007/12/06 03:53:48 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/01/22 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\BitDefender
    [2010/04/13 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Canon
    [2011/03/21 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\FrostWire
    [2009/11/08 01:31:27 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\MusicNet
    [2011/01/22 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\QuickScan
    [2011/01/22 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Template
    [2011/02/25 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\The Creative Assembly
    [2011/03/20 03:12:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\uTorrent
    [2011/03/25 16:39:31 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/03/25 16:39:28 | 000,121,943 | ---- | M] () -- C:\bdlog.txt
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/01/09 19:37:33 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/25 23:26:06 | 000,026,692 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/25 22:30:08 | 3211,968,512 | -HS- | M] () -- C:\hiberfil.sys
    [2008/01/09 21:00:22 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2010/07/12 10:30:46 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
    [2011/03/25 22:30:06 | 3525,718,016 | -HS- | M] () -- C:\pagefile.sys
    [2008/10/30 22:09:29 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2008/01/09 20:22:29 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log
    [2009/09/22 14:49:14 | 000,001,862 | ---- | M] () -- C:\tracert.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/09 18:57:28 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/15 01:31:54 | 000,000,286 | -HS- | M] () -- C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/25 22:37:05 | 004,302,838 | R--- | M] () -- C:\Users\Brad\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/11/27 19:03:02 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/11/27 19:02:28 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/11/27 19:02:28 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/12/27 19:47:37 | 000,000,402 | -HS- | M] () -- C:\Users\Brad\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
    [2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
    [2011/03/22 21:35:07 | 000,000,022 | ---- | M] () -- C:\ProgramData\7438ab0a
    [2011/01/22 17:16:14 | 000,126,975 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2011/01/22 16:56:52 | 000,005,316 | ---- | M] () -- C:\ProgramData\search_result.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DE65571A

    < End of report >
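The OTL file listings in the post above (Files/Folders Created, Files Modified, the `%ALLUSERSPROFILE%\*.dat` custom scan and the Alternate Data Streams section) are long, and the entries that deserve a second look are easy to miss among hundreds of legitimate ones: extensionless files with random numeric or hex names such as `C:\ProgramData\1422055281`, `C:\ProgramData\1961426013` (hidden+system attributes) and `C:\Windows\SysWow64\1578548090`, and the stream on `C:\ProgramData\TEMP:DE65571A`. The Python script below is an added example written for this page; it is not part of the thread, of OTL, or of any helper's fix. It parses OTL's `[timestamp | size | attrs | C/M] (company) -- path` entry format and applies three triage rules. The sample lines are copied from the log above; the rules, the `DROP_DIRS` prefixes and the `KNOWN_HS` whitelist are assumptions chosen for illustration, not a verdict on any particular file.

```python
"""Triage OTL file entries for the indicators an analyst checks first.

Added example for this page, not OTL's own code.  SAMPLE_LOG lines are
copied from the thread; the rules, DROP_DIRS and KNOWN_HS are assumptions.
"""
import re
from typing import Optional

# One OTL file entry:  [timestamp | size | attrs | C/M] (company) -- path
# The "(company)" part is absent for directories, and the path may be empty.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- ?(?P<path>.*)$"
)
# OTL's alternate-data-stream line, a different format from file entries.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Assumption: hidden+system is normal for these files on a Vista system drive.
KNOWN_HS = {"hiberfil.sys", "pagefile.sys", "bootmgr", "bootsect.bak", "desktop.ini"}
# Assumption: locations where an extensionless hex/numeric filename is unusual.
DROP_DIRS = ("c:\\programdata\\", "c:\\users\\",
             "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")

R_RANDOM_NAME = "random-looking extensionless file"
R_HIDDEN_SYSTEM = "hidden+system attributes"
R_EXEC_NO_COMPANY = "executable with no version-info company in user-writable path"


def parse_entry(line: str) -> Optional[dict]:
    """Return the fields of one OTL file entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""
    return entry


def suspicious_reasons(entry: dict) -> list:
    """Apply the triage rules to one parsed entry; return the reasons that fire."""
    path = entry["path"]
    if not path:                       # OTL prints a few entries with no path
        return []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    _stem, dot, ext = name.rpartition(".")
    attrs = entry["attrs"]
    is_dir = "D" in attrs
    reasons = []
    # Rule 1: extensionless, purely digit/hex filename in a drop directory.
    if not is_dir and not dot and re.fullmatch(r"[0-9a-f]{6,}", name) \
            and low.startswith(DROP_DIRS):
        reasons.append(R_RANDOM_NAME)
    # Rule 2: hidden+system on something other than the known system files.
    if "H" in attrs and "S" in attrs and name not in KNOWN_HS:
        reasons.append(R_HIDDEN_SYSTEM)
    # Rule 3: executable content without a company name, in a user-writable path.
    if dot and ext in {"exe", "dll", "sys", "tmp"} and not entry["company"] \
            and low.startswith(USER_WRITABLE):
        reasons.append(R_EXEC_NO_COMPANY)
    return reasons


def triage(log_text: str) -> dict:
    """Return {path: [reasons]} for every flagged file entry or data stream."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            findings[ads["path"]] = [f"alternate data stream ({ads['bytes']} bytes)"]
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason in suspicious_reasons(entry):
            bucket = findings.setdefault(entry["path"], [])
            if reason not in bucket:    # same path appears in several sections
                bucket.append(reason)
    return findings


# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/03/25 22:30:08 | 3211,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/24 18:56:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/24 18:41:58 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\1578548090
[2011/03/22 23:42:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1422055281
[2011/03/22 19:05:11 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1961426013
[2011/03/21 18:57:02 | 000,000,022 | ---- | C] () -- C:\ProgramData\7438ab0a
[2011/03/25 22:40:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/25 00:37:55 | 3211,968,512 | -HS- | C] () --
[2008/01/09 19:37:32 | 000,333,257 | RHS- | C] () -- \bootmgr
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DE65571A
"""

if __name__ == "__main__":
    for flagged_path, reasons in triage(SAMPLE_LOG).items():
        print(f"{flagged_path}: {'; '.join(reasons)}")
```

Run against the sample, the script flags the three numeric files in `C:\ProgramData`, `C:\Windows\SysWow64\1578548090` and the `TEMP:DE65571A` stream, and stays quiet on `hiberfil.sys`, `bootmgr`, the ComboFix working directory and the Malwarebytes driver. The whitelist matters: hidden+system on `hiberfil.sys`, `pagefile.sys` and `bootmgr` is normal, so a rule on attributes alone would bury the real hits in noise. The output is a shortlist to examine (hashes, strings, creation time against the first redirect), not proof that a file is malicious.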
     
  6. Vesp08

    Vesp08 TS Rookie Topic Starter

    OTL Extras logfile created on: 3/26/2011 12:07:23 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 688.87 Gb Total Space | 287.35 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

    Computer Name: GAMING-PC | User Name: Brad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = B7 D0 6F 60 0D 01 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04CAD7FE-68A4-475F-8B29-3C99B97A7341}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{09F8D613-5B6F-4A2F-94F5-80B79A1E110C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0F5812D7-62EC-42EB-B7B6-5C163B7E6A10}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{118CF074-A3F1-42F7-9445-4B22346776F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{16DAD898-FD4C-4DED-ACDB-6CD450EE8763}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1756FEC2-807F-4513-8AA1-BDD855C0EBCC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{17676599-0395-46AA-B231-5FB3807CDB19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{18EDAB3C-177B-43BB-BA78-AD8E2E107440}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{1D889E22-43F8-4D5E-A882-2C97C007117C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1F4D5191-F6D0-44AC-BFD7-13E60CB8EA3A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2302C42B-E258-4AF3-8529-899C7E9E0036}" = rport=137 | protocol=17 | dir=out | app=system |
    "{324D58E0-F2F0-473E-BC77-B2893DDA044A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{399420AB-00AE-4E35-A14A-E6FB223050C1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3B8215CD-4892-4273-BDF8-F67903C1BB4C}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{3D4E1CE4-A759-4F35-B4CB-14D985B43756}" = rport=138 | protocol=17 | dir=out | app=system |
    "{54CE298E-6EE0-476A-BDD1-DB9C088DE317}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{60EBBDAD-67A8-4A8C-BDC4-30A425FB5B36}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{625CDF63-3251-4E7C-9BFA-777B361307DB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{82E1A692-4CE7-4990-9290-73A2FD70737A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{91C7B99D-30D4-4A55-9351-DA519BDBCB94}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{950F76FE-0F4B-4672-B95E-D5D1CA7BDEE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{952F5118-8F80-44A7-9850-F10CE2AB3B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9AEE8512-A9E2-4F3D-AD23-A80A419B2C34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9E67EEA3-B3B0-4A17-BE11-FBE21BE0FEDD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B865BC56-4754-4B87-BDB8-8B37C5CB5B56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{BD471AA5-EFF0-444B-9C4F-2D5A43F5F4E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C0FD2849-4455-459A-A59D-77D11D7C6CBB}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C83C18B2-E20E-4A2F-94A5-0A8CF5CD8A90}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C914DE17-25F4-459D-97F3-B73613BEB632}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E1F7AF78-12C5-417D-838B-6F99B157F52A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EE40EF5A-450D-4C76-A44D-78A270FBE4DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F1E812AD-7DD5-46D2-995E-EC7C2F783474}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FD99692E-40B6-4051-A4E9-A5425F601E7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{077103D0-CE2F-48D8-BFEC-E1AF1D277F68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
    "{09DDD87A-17C4-442C-B775-FC7840C9272A}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
    "{0F022817-2717-45F6-80A5-BF9E49DB595E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{12935D87-5E10-40A5-B2DC-42F617AE637F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{13EB0188-5287-4CC4-81A2-32A707570A78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{192A9504-F86F-4251-9E1F-CFADF56C703B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1ED57B85-5A85-4FC0-93D9-1DCCE0956FD4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1FD876E1-5AEA-4FC5-8A20-AC36A0909B84}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{228146BD-6B89-49DB-8789-BB1956EE73EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{28B5CF5D-3321-436D-98DE-B7711A681924}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2F686A57-2CBD-4C3D-AB85-AB3A49746FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{30A66F3A-E39E-4E27-89CD-C3B57E49992B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{3177A52D-4B2B-4EA5-8818-E2DC3F11E5E1}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{3A1C69C5-1776-403F-900D-9C7611C324A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
    "{3C184524-F56C-42F7-BAC3-265B89CC4897}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
    "{45393F27-9258-424E-97D2-5735743C647C}" = dir=in | app=c:\windows\syswow64\htui32.exe |
    "{483B322E-39C8-4CC9-AAE4-91B8FAAB2ED9}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{5C553EAB-7B12-4E72-A51F-228B03BB9627}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
    "{5D29A5CE-45A9-4C9F-9E28-FC1214F35855}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5EDF22F5-FD7E-4FD0-973C-4EF6EFA56FA4}" = protocol=6 | dir=out | app=system |
    "{6589F67F-49C6-4D59-99AA-12B3A58476B6}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
    "{65BFD363-A0F6-4336-8633-7A817C2E2BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{68194C96-BF22-4BF8-8490-0D15B2DF5299}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{6837E46F-96AF-447F-9800-AC23A586885C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6994AC18-0247-490D-8FEF-0622723D69CA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6FCC72F5-FB37-4F3D-9196-C291FEFE0C03}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
    "{712073FB-102C-4511-8C61-42E94A7A3B58}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
    "{71617B10-95DC-4B3B-A129-DCF38DE6B08E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{71A94F8C-7CFF-4DFB-922D-EA1BD0D73A2B}" = dir=in | app=c:\windows\syswow64\htui32.exe |
    "{71ED500F-2E00-4DD9-8883-23DBEADD6236}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
    "{72147EBB-0F26-4EAA-9FA7-F813D39AE0F1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{72175200-CE64-4AEB-9BA8-059AFF5F9076}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{736D0B17-412C-418E-8992-70C0F8819C97}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
    "{78CE9A28-46FF-4FF2-A21D-D804E2ED8E42}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{7CDB76DA-01D2-4DD3-80F2-8F1FF12361B4}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{7E484E9E-858E-4665-9152-281B4696D971}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{82139623-FBE9-4931-95CF-6D8BDC4C1E44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{87B8A19C-0AA7-41BB-A08B-014FC428077C}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{892C127B-A10C-4198-9B19-A282E0A8292A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{8B44D02C-04F7-4A0C-AE5F-4DB46F344B55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E5F767B-F270-4D9D-BC68-02F378335D16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{94D2042D-E51E-464D-806D-069E81FCCACA}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{9627BAC7-96CB-49F8-92F9-C6387046876D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99022F01-F258-47E2-B7F0-51C8416ED91F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9E95F42A-1EBB-4AC6-B6B7-9713BF29B60A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{A945518F-8DB5-45CB-8352-60E19A898BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{A9FEB3FE-8E8F-4BFB-B457-E80E423E4CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{AA9751EC-6086-4E04-8143-C618AEA60C99}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{AD56B372-2A4D-4D74-8247-4783712E1B4B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B272C5CC-DFF2-4DA5-B7BE-5558ADD40C14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BC906961-EB72-41ED-9726-1C3DB6AB6BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BD387047-1658-4EC5-ACBD-953E3FC421EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{C1399815-BC49-40E3-80E0-34E06FBA463B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{C78F1435-A33A-4BCE-9FF9-3AC2FF840E09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C9F35F07-03C7-4990-A0F0-43CC6F0587BE}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{CAD1919A-850A-42D3-B064-5948FFF93AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
    "{CBFD2284-A238-4591-B60F-53DA8C5210F5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
    "{CC6962EC-13FD-4930-BE4A-99A9FCA6F875}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CDA01406-8C5B-4E24-B951-1A54BFDD9812}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{CDF16877-A107-4A07-8381-E0A007CD5045}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{CFF70F50-629C-4066-B77C-44CAAE72D70C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
    "{D1D8B19D-B899-4559-8F4C-008CEC1DC8C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D8A96F57-8223-4F4A-84AF-EC271A294B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{DB9BFFD1-4776-456A-A093-399AB03BEE36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DCC957FA-445E-4590-8605-06BA52E88C05}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{EB4FE387-089E-47B2-845E-EF09E65488B1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{F628DD43-2BA6-4E87-9C74-D03A315E60DE}" = dir=in | app=c:\windows\syswow64\htui32.exe |
    "{F63588FF-D3A0-4892-8507-0E721AD0D0AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F69E853B-812F-4441-97A5-5B117245E085}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
    "{F750B49E-37D8-4966-82F5-ED84397017ED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{FDE58C6C-6398-49F1-9823-5F990C891721}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{FFBA4D97-CBA3-476C-AE85-6CC2D7B60581}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
    "TCP Query User{425F94D8-3DDF-4A0C-820C-A2EC0CE9B3D6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{518AF126-6F3F-4D32-AF24-8BFA91B5C76C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "TCP Query User{7F9CB34A-64E2-4350-A799-A3C7702A993F}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "TCP Query User{DF61BFFE-4AA7-48E9-B454-BCC6C5F5D877}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "TCP Query User{F6461F28-2064-483C-A27A-4686651BCFBF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{3D5E82D8-9351-4C0B-8B37-3810A424E4A9}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "UDP Query User{57DF07D4-0B15-46E1-BC2A-1E5236C0581C}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{600A17F6-E3C0-4AB3-815F-2DFDA639C2AB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{EB36B43C-5319-4CEB-972A-A2DA5BE17660}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "UDP Query User{F0FF4EC0-229B-4215-A432-BAD18E189EE2}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5A2935F1-137E-454C-B4F8-C379709449E9}" = BitDefender Total Security 2011
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "BitDefender" = BitDefender Total Security 2011
    "Explorer Suite_is1" = Explorer Suite III
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSet" = Intel(R) Network Connections Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
    "{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
    "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9FC210CF-1637-4125-A1CB-A8E04E9B0B37}" = Aion
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
    "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
    "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C7E99FEB-A620-40B0-9B37-4410738B351E}" = Sound Blaster X-Fi MB
    "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
    "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
    "{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
    "{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader
    "{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ALchemy" = Creative ALchemy
    "ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
    "bearsharetb" = MediaBar
    "Canon MP240 series User Registration" = Canon MP240 series User Registration
    "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "CRI-Squad-Alpha-0.9.3.5" = CRI-Squad-Alpha-0.9.3.5
    "DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
    "EADM" = EA Download Manager
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Fallout Mod Manager_is1" = Fallout Mod Manager 0.10.3
    "FrostWire" = FrostWire 4.21.4
    "Game Booster_is1" = Game Booster
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PunkBusterSvc" = PunkBuster Services
    "Search Toolbar" = Search Toolbar
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "Steam App 10500" = Empire: Total War
    "Steam App 10600" = Empire: Total War - Special Forces Unit
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 34350" = Total War: SHOGUN 2 Demo
    "SysInfo" = Creative System Information
    "Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "Xvid Video Codec 1.3.0" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2960005529-3494219434-145418510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "DarthMod Ultimate Commander Edition " = DarthMod Ultimate Commander Edition
    "Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
    "Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
    "Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
    "Dragon Age Redesigned Fixes" = Dragon Age Redesigned Fixes
    "Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
    "Dragon Age Redesigned©" = Dragon Age Redesigned©
    "Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran
    "Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
    "Dragon Age Redesigned© Sten" = Dragon Age Redesigned© Sten
    "Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/29/2009 3:48:45 PM | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/24/2011 8:31:30 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/25/2011 10:10:53 AM | Computer Name = Gaming-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 002268384455 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/25/2011 10:34:59 AM | Computer Name = Gaming-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 002268384455 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/25/2011 10:56:08 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/25/2011 11:05:52 PM | Computer Name = Gaming-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 3/25/2011 11:09:53 PM | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
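One way to triage the firewall exception list in the report above, as an added example that is not part of the thread and not OTL's own code: it parses OTL's rule lines and scores each entry on the cues a malware helper looks for (an executable with a .tmp extension, a binary under a profile data directory, an unqualified program name, an inbound rule with no protocol restriction). The sample lines are constructed in the same format as the list above, and the heuristic weights are assumptions.

```python
import re

# Added example, not from the thread or from OTL: score the lines of an OTL
# "Active Application Exception List" section so the entries that most need a
# second look float to the top. The heuristic weights below are assumptions.

RULE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Constructed sample in the format of the exception list above (a few
# representative lines, not the full list).
SAMPLE_LOG = r'''
"{0F022817-2717-45F6-80A5-BF9E49DB595E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{13EB0188-5287-4CC4-81A2-32A707570A78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{228146BD-6B89-49DB-8789-BB1956EE73EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{30A66F3A-E39E-4E27-89CD-C3B57E49992B}" = dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\roaming\f7fc.tmp |
"{5D29A5CE-45A9-4C9F-9E28-FC1214F35855}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0FD2849-4455-459A-A59D-77D11D7C6CBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE40EF5A-450D-4C76-A44D-78A270FBE4DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"TCP Query User{425F94D8-3DDF-4A0C-820C-A2EC0CE9B3D6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
'''

# (weight, explanation, predicate over the lowercased app path and the fields)
CHECKS = [
    (2, "program has a .tmp extension",
     lambda app, f: app.endswith(".tmp")),
    (2, "program lives under a profile data directory",
     lambda app, f: "\\appdata\\roaming\\" in app or "\\config\\systemprofile\\" in app),
    (2, "program name has no directory (unqualified path)",
     lambda app, f: "\\" not in app),
    (1, "inbound rule with no protocol restriction",
     lambda app, f: f.get("dir") == "in" and "protocol" not in f),
]


def parse_rule(line):
    """Parse one OTL rule line into (rule name, {field: value}); None if no match."""
    m = RULE_RE.match(line)
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        fields[key.strip().lower()] = value.strip().lower()
    return m.group("name"), fields


def assess(fields):
    """Return (score, reasons) for one parsed rule. Rules for the kernel
    ('app=system') and rules without a program are not scored."""
    app = fields.get("app", "")
    if not app or app == "system":
        return 0, []
    score, reasons = 0, []
    for weight, why, check in CHECKS:
        if check(app, fields):
            score += weight
            reasons.append(why)
    return score, reasons


def triage(text, threshold=2):
    """Return the rules scoring at or above threshold, in log order."""
    findings = []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        name, fields = parsed
        score, reasons = assess(fields)
        if score >= threshold:
            findings.append({"rule": name, "app": fields["app"],
                             "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['score']}] {hit['app']}")
        for why in hit["reasons"]:
            print(f"      - {why}")
```

On the sample, the .tmp file under the system profile's AppData\Roaming and the rule whose program is just "svchost.exe" with no directory are the two entries reported; the messenger rule scores below the threshold on the any-protocol cue alone.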
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
      O4:64bit: - HKLM..\Run: [Skytel] File not found
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DE65571A
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  8. Vesp08

    Vesp08 TS Rookie Topic Starter

    I have followed those steps; I have the OTL and checkup logs; Eset didn't produce any log.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\Windows\Updreg.EXE moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:DE65571A deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brad
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 156879 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 45201802 bytes
    ->Flash cache emptied: 2099 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 268 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 219534 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brad
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03262011_004908

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    BitDefender BitDefender 2011 vsserv.exe
    BitDefender BitDefender 2011 bdagent.exe
    BitDefender BitDefender 2011 updatesrv.exe
    BitDefender BitDefender 2011 pchooklaunch64.exe
    BitDefender BitDefender 2011 Antispam32 pchooklaunch32.exe
    BitDefender BitDefender 2011 downloader.exe
    ``````````End of Log````````````
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Uninstall:
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5


    ======================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box that says "Also Download Adobe Photoshop® Album Starter Edition".

Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.

    ====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
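    A post-cleanup verification script, added here as an example; it is not part of this thread and not code from OTL, Malwarebytes or Security Check. It assumes PowerShell 2.0 on the 64-bit Vista machine in this thread, run from an elevated 64-bit PowerShell prompt, and it re-checks only artefacts named in the logs above: the RTHDBPL Run value and WinRM32 service key, the three Trojan.Tracur.S executables, the alternate data stream on C:\ProgramData\TEMP, the leftover Java(TM) 6 Update entries, and the disabled Windows Firewall. The HNetCfg.FwPolicy2 COM object and the `dir /r` switch are assumed to be present (both ship with Vista and later).

```powershell
# Added example: re-check the items named in this thread's logs after cleanup.
# Assumes PowerShell 2.0+ on 64-bit Vista, run elevated from a 64-bit prompt
# so that both the native and Wow6432Node registry views are reachable.

$findings = @()

# 1. Persistence points the MBAM log removed (names taken from that log).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['RTHDBPL']) {
    $findings += "Run value RTHDBPL is back: $($run.RTHDBPL)"
}
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\WinRM32') {
    $findings += 'Service key WinRM32 is back'
}

# 2. The three executables MBAM unloaded (paths from the MBAM log).
$files = @(
    (Join-Path $env:windir 'SysWOW64\htui32.exe'),
    (Join-Path $env:ProgramData 'kbdintel32.exe'),
    (Join-Path $env:APPDATA 'SysWin\lsass.exe')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File is back: $f" }
}

# 3. The alternate data stream OTL deleted. PowerShell 2.0 has no -Stream
#    parameter, so list streams with the Vista+ 'dir /r' switch instead.
$ads = cmd /c "dir /r `"$env:ProgramData`"" 2>$null | Select-String 'TEMP:DE65571A'
if ($ads) { $findings += 'ADS C:\ProgramData\TEMP:DE65571A is back' }

# 4. Leftover Java runtimes (Security Check listed three). 32-bit Java on an
#    x64 system registers under Wow6432Node, so read both uninstall views.
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$java = $uninstall |
    ForEach-Object { Get-ChildItem $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-ItemProperty $_.PSPath } |
    Where-Object { $_.DisplayName -match '^Java\(TM\) \d+ Update \d+' } |
    ForEach-Object { $_.DisplayName } |
    Sort-Object -Unique
$java = @($java)
if ($java.Count -gt 1) {
    $findings += "Multiple Java runtimes still installed: $($java -join '; ')"
}

# 5. Firewall state per profile (Security Check reported it disabled).
#    Assumes the HNetCfg.FwPolicy2 COM object; profile IDs are the
#    NET_FW_PROFILE_TYPE2 values (1 = Domain, 2 = Private, 4 = Public).
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($p in $profiles.Keys) {
    if (-not $fw.FirewallEnabled($p)) {
        $findings += "Windows Firewall disabled for $($profiles[$p]) profile"
    }
}

if ($findings.Count -eq 0) {
    'No leftovers found.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

    A clean run prints "No leftovers found."; anything else is a reason to post a fresh log rather than assume the earlier fix held. The file and registry checks are deliberately literal (the exact names from the logs) because Trojan.Tracur's persistence in this thread was plain Run-key and service entries, which is what a quick re-check can catch.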
  10. Vesp08

    Vesp08 TS Rookie Topic Starter

I've run into a problem. I removed Java 6 Update 5 just fine, but when I try to uninstall Java 6 Update 3 I keep getting error 1719, "Windows Installer service could not be accessed."
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Leave it alone then...
     
  12. Vesp08

    Vesp08 TS Rookie Topic Starter

I have run the reset-System-Restore OTL script; here is the log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brad
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 292177 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53797284 bytes
    ->Flash cache emptied: 1057 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66423 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 232216 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brad
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.3 log created on 03262011_144815

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Whenever ready....
     
  14. Vesp08

    Vesp08 TS Rookie Topic Starter

My computer seems to be running great again. I haven't had any misdirections since Malwarebytes first quarantined those files, BitDefender is no longer identifying the virus it was before, and everything seems to be good. I downloaded and ran the processes you recommended and am defragging atm; hopefully all will continue to be well. Thank you very much for the help. This redirection virus really had me at a loss, so I really appreciate it.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
