Solved C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner)

H

hanz99

Posts: 14   +0
I have a PUP.BitMiner. I try to remove it use mbam, but it come back. Below are mbam . Can you help??

Hanz

Malwarebytes Anti-Malware 1.60.0.1600
www.malwarebytes.org

Database version: v2012.01.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TEST :: BOAT [limited]

1/15/2012 8:30:20 AM
mbam-log-2012-01-15 (08-30-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 669008
Time elapsed: 30 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 1 completed: (avast)
Step 2 complete: log follows:

What next??

Hanz

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TEST :: BOAT [limited]

1/16/2012 6:04:14 AM
mbam-log-2012-01-16 (06-04-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181334
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Step 3 complete: no log
Step 4 compete: logs follow:

Hanz

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by TEST at 6:21:27 on 2012-01-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.6517 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ShopSafe\ShopSafe.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\SysWOW64\obroker.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ShopSafeBrowserHelper Class: {333f6b96-3992-4d58-a499-145a10fe48c3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
StartupFolder: C:\Users\TEST\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHECKF~1.LNK - C:\Jts\WiseUpdt.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.105.1
TCP: Interfaces\{797E6F32-F9AA-462F-97A4-4B2CD5BB8152} : DhcpNameServer = 172.16.105.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ShopSafeBrowserHelper Class: {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
BHO-X64: ShopSafe Shared Browser Helper Object - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [ShopSafe] C:\PROGRA~2\ShopSafe\ShopSafe.exe /dontopenmycards
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ipTray.exe] "C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe"
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\ShopSafe\components\SlimOrbAddonShopSafe.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/23 17:03:24];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-8-23 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-16 44768]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-8-23 83240]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-8-23 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-8-23 312616]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 IduService;Intel(R) Desktop Utilities Service;C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-8-19 132808]
R2 Intel(R) Desktop Boards FSC Application Service;Intel(R) Desktop Boards FSC Application Service;C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [2011-8-19 61440]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-8-23 75248]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-9-18 3271496]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-7-18 632792]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-25 2656536]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 cpuio;CPUIO Service;C:\Windows\SysWOW64\drivers\cpuiox64.sys [2011-11-30 15384]
R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 USA49WG;USA49WG;C:\Windows\system32\DRIVERS\USA49WGx64.sys --> C:\Windows\system32\DRIVERS\USA49WGx64.sys [?]
R3 USA49WGP;USA49WGP;C:\Windows\system32\DRIVERS\USA49WGx64p.SYS --> C:\Windows\system32\DRIVERS\USA49WGx64p.SYS [?]
S1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\System32\regw2.exe [2012-1-13 833342]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ICDUSB3;ICDUSB3;C:\Windows\system32\Drivers\ICDUSB3.sys --> C:\Windows\system32\Drivers\ICDUSB3.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2011-7-4 93848]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-01-16 11:03:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-16 11:03:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-16 11:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-16 10:20:31 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-16 10:20:30 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-16 10:20:25 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-16 02:43:18 -------- d-----w- C:\Users\TEST\AppData\Roaming\FixTDSS
2012-01-13 20:59:37 -------- d-----w- C:\Users\TEST\AppData\Roaming\Nuance
2012-01-13 20:59:37 -------- d-----w- C:\Users\TEST\AppData\Roaming\FLEXnet
2012-01-13 20:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2012-01-13 20:58:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2012-01-13 20:58:13 -------- d-----w- C:\ProgramData\Nuance
2012-01-13 20:58:13 -------- d-----w- C:\Program Files (x86)\Nuance
2012-01-13 20:55:36 833342 ----a-w- C:\Windows\SysWow64\regw2.exe
2012-01-11 00:25:05 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-11 00:25:05 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 00:25:05 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 00:25:04 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 17:39:09 -------- d-----w- C:\ProgramData\AVAST Software
2012-01-07 17:39:09 -------- d-----w- C:\Program Files\AVAST Software
2012-01-06 02:39:35 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-01-04 19:44:46 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-23 20:59:57 -------- d-----w- C:\ProgramData\PC Tools
2011-12-23 20:43:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-12-19 03:18:26 -------- d-----we C:\Windows\system64
2011-12-19 02:43:21 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2011-12-19 02:43:21 -------- d-----w- C:\Program Files (x86)\AC3Filter
2011-12-19 02:36:15 -------- d-----w- C:\Windows\SysWow64\custom matrices
2011-12-19 02:36:14 -------- d-----w- C:\Windows\SysWow64\QuickTime
2011-12-19 02:36:14 -------- d-----w- C:\Windows\SysWow64\C2MP
.
==================== Find3M ====================
.
2011-11-30 19:55:36 557056 ----a-w- C:\Windows\System32\LAVVideo.ax
2011-11-30 19:55:36 550912 ----a-w- C:\Windows\System32\LAVSplitter.ax
2011-11-30 19:55:32 241664 ----a-w- C:\Windows\System32\LAVAudio.ax
2011-11-30 19:55:30 200192 ----a-w- C:\Windows\System32\libbluray.dll
2011-11-30 19:55:24 951794 ----a-w- C:\Windows\System32\avformat-lav-53.dll
2011-11-30 19:55:24 362454 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2011-11-30 19:55:24 200604 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2011-11-30 19:55:24 115305 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2011-11-30 19:55:22 6433576 ----a-w- C:\Windows\System32\avcodec-lav-53.dll
2011-11-30 19:53:40 458752 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2011-11-30 19:53:40 437248 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2011-11-30 19:53:36 211968 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2011-11-30 19:53:34 171008 ----a-w- C:\Windows\SysWow64\libbluray.dll
2011-11-30 19:53:26 957031 ----a-w- C:\Windows\SysWow64\avformat-lav-53.dll
2011-11-30 19:53:26 6244574 ----a-w- C:\Windows\SysWow64\avcodec-lav-53.dll
2011-11-30 19:53:26 337369 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2011-11-30 19:53:26 197696 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
2011-11-30 19:53:26 127340 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
2011-11-30 09:54:05 76288 ----a-w- C:\Windows\SysWow64\EfiVar64.dll
2011-11-30 09:54:05 18200 ----a-w- C:\Windows\SysWow64\drivers\variable64.sys
2011-11-30 09:54:05 18200 ----a-w- C:\Windows\System32\drivers\variable64.sys
2011-11-30 09:54:05 15384 ----a-w- C:\Windows\SysWow64\drivers\cpuiox64.sys
2011-11-30 09:54:05 15384 ----a-w- C:\Windows\System32\drivers\cpuiox64.sys
2011-11-20 11:46:26 4480512 ----a-w- C:\Windows\System32\ffdshow.ax
2011-11-20 11:43:36 3563520 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2011-11-20 11:36:10 4031488 ----a-w- C:\Windows\System32\ffmpeg.dll
2011-11-20 11:34:48 3900928 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2011-11-20 11:19:08 473600 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2011-11-20 11:18:18 630272 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2011-11-20 11:17:48 159232 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2011-11-20 11:17:46 358400 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2011-11-20 11:17:46 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2011-11-20 11:17:46 155648 ----a-w- C:\Windows\System32\ff_libmad.dll
2011-11-20 11:17:46 112128 ----a-w- C:\Windows\System32\ff_wmv9.dll
2011-11-20 11:17:44 221696 ----a-w- C:\Windows\System32\ff_libdts.dll
2011-11-20 11:17:44 1531904 ----a-w- C:\Windows\System32\ff_samplerate.dll
2011-11-20 11:17:42 114688 ----a-w- C:\Windows\System32\ff_liba52.dll
2011-11-20 11:17:40 189440 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2011-11-20 11:09:44 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-11-20 11:07:24 259584 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2011-11-20 11:07:06 133632 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2011-11-20 11:07:04 97280 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2011-11-20 11:07:04 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2011-11-20 11:07:02 211456 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2011-11-20 11:07:02 1524224 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2011-11-20 11:07:02 145920 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2011-11-20 11:07:02 113664 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2011-11-20 11:07:00 327680 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
2011-11-20 11:06:58 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-22 20:42:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 6:23:21.31 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2011 10:05:49 AM
System Uptime: 1/16/2012 5:56:30 AM (1 hours ago)
.
Motherboard: Intel Corporation | | DH67CF
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 115.668 GiB free.
D: is FIXED (NTFS) - 736 GiB total, 116.922 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 931 GiB total, 98.96 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP110: 1/14/2012 5:14:36 PM - Scheduled Checkpoint
RP111: 1/14/2012 11:10:34 PM - Windows Backup
RP112: 1/14/2012 11:19:22 PM - Windows Backup
RP113: 1/14/2012 11:40:47 PM - Windows Backup
RP114: 1/16/2012 5:20:16 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
.
AC3Filter 1.63b
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Aimersoft DVD Creator(Build 2.5.2.15)
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
Ask Toolbar
avast! Free Antivirus
AXIS Media Control SDK 6.0.2
Canon MP Navigator EX 1.0
CinemaNow Media Manager
Coastal Explorer
CyberLink PowerDVD 11
Data Lifeguard Diagnostic for Windows 1.22
Digital Voice Editor 3
Directory Toolkit
Dragon NaturallySpeaking 11
dupeGuru
DVD Shrink 3.2
DVDFab Passkey 8.0.2.6 (17/03/2011)
EZ Viewer 3.0
Franson SerialTools RunTime
High-Definition Video Playback 10
HiJackThis
Intel(R) Control Center
Intel(R) Desktop Utilities
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 29
K-Lite Mega Codec Pack 7.1.0
Keyspan USB 2.0 4-Port Serial Adapter
Lan Lights
Malwarebytes Anti-Malware version 1.60.0.1800
Media Player Codec Pack 4.1.2
Microsoft Corporation
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MozBackup 1.5.1
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird (8.0)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavMonPc 1.10
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PL-2303 USB-to-Serial
PokerStars.net
QuickTime
Reader Studio 1.5a
Realtek High Definition Audio Driver
RegCure
Registry Mechanic 10.0
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
ShopSafe
Skype™ 3.6
SmartSound Quicktracks Plugin
Snagit 10
Spybot - Search & Destroy
STG FolderPrint Plus 3.83
System Requirements Lab for Intel
Trader Workstation
Trader Workstation 4.0
Ugrib RC1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VLC media player 1.1.11
Winamp
WinRAR archiver
WinZip 12.0
WXTide32
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 2:28:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
1/9/2012 2:28:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
1/9/2012 10:54:28 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
1/16/2012 5:57:06 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/16/2012 5:57:00 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/16/2012 5:56:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bizVSerial SBRE
1/16/2012 5:56:58 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/16/2012 5:56:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/16/2012 5:56:57 AM, Error: Service Control Manager [7000] - The FLEXnet Licensing Manager for Adobe Products service failed to start due to the following error: The system cannot find the file specified.
1/16/2012 5:56:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/16/2012 5:56:41 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\bizVSerialNT.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/16/2012 5:56:41 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/16/2012 5:37:27 AM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
1/16/2012 5:37:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/16/2012 5:35:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
1/16/2012 5:35:22 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2012 5:32:46 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
1/14/2012 3:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user BOAT\TEST SID (S-1-5-21-346988686-1374381299-2349832999-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user BOAT\TEST SID (S-1-5-21-346988686-1374381299-2349832999-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 12:09:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/14/2012 10:50:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2012 10:50:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/14/2012 10:50:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/14/2012 10:50:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/14/2012 10:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/14/2012 10:50:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bizVSerial discache SaibVdAd64 SBRE spldr Wanarpv6
1/14/2012 10:50:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2012 10:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/14/2012 10:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/13/2012 3:58:48 PM, Error: Service Control Manager [7030] - The Dragon Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Here is copy of aswmbr and bootkit.

Hanz

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-16 12:50:16
-----------------------------
12:50:16.648 OS Version: Windows x64 6.1.7601 Service Pack 1
12:50:16.648 Number of processors: 8 586 0x2A07
12:50:16.648 ComputerName: BOAT UserName: TEST
12:50:17.319 Initialize success
12:50:17.615 AVAST engine defs: 12011600
12:50:30.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:50:30.626 Disk 0 Vendor: Size: 0MB BusType: 0
12:50:30.626 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:50:30.626 Disk 1 Vendor: Size: 0MB BusType: 0
12:50:30.626 Disk 0 MBR read successfully
12:50:30.626 Disk 0 MBR scan
12:50:30.641 Disk 0 Windows 7 default MBR code
12:50:30.641 Disk 0 MBR hidden
12:50:30.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:50:30.641 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848
12:50:30.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753866 MB offset 409602048
12:50:30.657 Service scanning
12:50:31.936 Modules scanning
12:50:32.435 Disk 0 trace - called modules:
12:50:32.435 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:50:32.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007786790]
12:50:32.451 3 CLASSPNP.SYS[fffff880019c143f] -> nt!IofCallDriver -> [0xfffffa800768ba20]
12:50:32.451 5 Sahdad64.sys[fffff8800194ce25] -> nt!IofCallDriver -> [0xfffffa80071a93a0]
12:50:32.451 7 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007423060]
12:50:32.966 AVAST engine scan C:\Windows
12:50:33.949 AVAST engine scan C:\Windows\system32
12:50:37.209 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:51:05.929 AVAST engine scan C:\Windows\system32\drivers
12:51:08.503 AVAST engine scan C:\Users\TEST
12:51:35.553 AVAST engine scan C:\ProgramData
12:52:02.479 Scan finished successfully
12:52:52.430 Disk 0 MBR has been saved successfully to "C:\Users\TEST\Desktop\MBR.dat"
12:52:52.430 The log file has been saved successfully to "C:\Users\TEST\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64
-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix log..


Hanz

ComboFix 12-01-16.02 - TEST 01/16/2012 13:42:26.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.6205 [GMT -5:00]
Running from: c:\users\TEST\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml5394.tmp
c:\programdata\xml60BF.tmp
c:\programdata\xml62E2.tmp
c:\programdata\xmlDFC3.tmp
c:\programdata\xmlE215.tmp
c:\programdata\xmlE31F.tmp
c:\users\TEST\AppData\Local\assembly\tmp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\java.exe
c:\windows\System64
c:\windows\SysWow64\regw2.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 18:45 . 2012-01-16 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-16 16:35 . 2012-01-16 16:36 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2012-01-16 16:35 . 2012-01-16 16:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-16 16:29 . 2012-01-16 16:30 -------- d-----w- C:\00HOUSE
2012-01-16 15:56 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-16 15:56 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-16 15:56 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-16 15:56 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-16 15:56 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-16 15:56 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-16 15:56 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-16 15:56 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-16 15:56 . 2012-01-16 15:56 -------- d-----w- c:\programdata\AVAST Software
2012-01-16 15:56 . 2012-01-16 15:56 -------- d-----w- c:\program files\AVAST Software
2012-01-16 02:43 . 2012-01-16 02:43 -------- d-----w- c:\users\TEST\AppData\Roaming\FixTDSS
2012-01-13 20:59 . 2012-01-13 20:59 -------- d-----w- c:\users\TEST\AppData\Roaming\Nuance
2012-01-13 20:59 . 2012-01-13 20:59 -------- d-----w- c:\users\TEST\AppData\Roaming\FLEXnet
2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-01-13 20:58 . 2012-01-16 05:53 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\programdata\Nuance
2012-01-13 20:58 . 2012-01-13 20:58 -------- d-----w- c:\program files (x86)\Nuance
2012-01-11 00:25 . 2012-01-11 00:25 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-11 00:25 . 2012-01-11 00:25 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 00:25 . 2012-01-11 00:25 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 00:25 . 2012-01-11 00:25 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 07:09 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-06 02:39 . 2012-01-06 02:39 -------- d-----w- c:\program files (x86)\Ask.com
2012-01-06 01:19 . 2012-01-16 17:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-06 01:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 19:44 . 2012-01-04 19:45 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-23 20:59 . 2011-12-23 21:04 -------- d-----w- c:\programdata\PC Tools
2011-12-23 20:43 . 2011-12-24 04:06 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-19 02:43 . 2011-12-19 02:43 -------- d-----w- c:\program files (x86)\AC3Filter
2011-12-19 02:43 . 2009-08-12 02:22 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2011-12-19 02:36 . 2011-12-19 02:36 -------- d-----w- c:\windows\SysWow64\custom matrices
2011-12-19 02:36 . 2011-12-19 02:37 -------- d-----w- c:\windows\SysWow64\C2MP
2011-12-19 02:36 . 2011-12-19 02:36 -------- d-----w- c:\windows\SysWow64\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 19:55 . 2011-11-30 19:55 557056 ----a-w- c:\windows\system32\LAVVideo.ax
2011-11-30 19:55 . 2011-11-30 19:55 550912 ----a-w- c:\windows\system32\LAVSplitter.ax
2011-11-30 19:55 . 2011-11-30 19:55 241664 ----a-w- c:\windows\system32\LAVAudio.ax
2011-11-30 19:55 . 2011-11-30 19:55 200192 ----a-w- c:\windows\system32\libbluray.dll
2011-11-30 19:55 . 2011-11-30 19:55 951794 ----a-w- c:\windows\system32\avformat-lav-53.dll
2011-11-30 19:55 . 2011-11-30 19:55 362454 ----a-w- c:\windows\system32\swscale-lav-2.dll
2011-11-30 19:55 . 2011-11-30 19:55 200604 ----a-w- c:\windows\system32\avutil-lav-51.dll
2011-11-30 19:55 . 2011-11-30 19:55 115305 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2011-11-30 19:55 . 2011-11-30 19:55 6433576 ----a-w- c:\windows\system32\avcodec-lav-53.dll
2011-11-30 19:53 . 2011-11-30 19:53 458752 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2011-11-30 19:53 . 2011-11-30 19:53 437248 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2011-11-30 19:53 . 2011-11-30 19:53 211968 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2011-11-30 19:53 . 2011-11-30 19:53 171008 ----a-w- c:\windows\SysWow64\libbluray.dll
2011-11-30 19:53 . 2011-11-30 19:53 957031 ----a-w- c:\windows\SysWow64\avformat-lav-53.dll
2011-11-30 19:53 . 2011-11-30 19:53 6244574 ----a-w- c:\windows\SysWow64\avcodec-lav-53.dll
2011-11-30 19:53 . 2011-11-30 19:53 337369 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2011-11-30 19:53 . 2011-11-30 19:53 197696 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
2011-11-30 19:53 . 2011-11-30 19:53 127340 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
2011-11-30 09:54 . 2011-11-30 09:55 76288 ----a-w- c:\windows\SysWow64\EfiVar64.dll
2011-11-30 09:54 . 2011-11-30 09:55 18200 ----a-w- c:\windows\SysWow64\drivers\variable64.sys
2011-11-30 09:54 . 2011-11-30 09:55 18200 ----a-w- c:\windows\system32\drivers\variable64.sys
2011-11-30 09:54 . 2011-11-30 09:55 15384 ----a-w- c:\windows\SysWow64\drivers\cpuiox64.sys
2011-11-30 09:54 . 2011-11-30 09:55 15384 ----a-w- c:\windows\system32\drivers\cpuiox64.sys
2011-11-21 11:40 . 2011-12-14 17:25 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{357A26C0-2BBE-4E15-8991-48E81904AA7E}\mpengine.dll
2011-11-20 11:46 . 2011-11-20 11:46 4480512 ----a-w- c:\windows\system32\ffdshow.ax
2011-11-20 11:43 . 2011-11-20 11:43 3563520 ----a-w- c:\windows\SysWow64\ffdshow.ax
2011-11-20 11:36 . 2011-11-20 11:36 4031488 ----a-w- c:\windows\system32\ffmpeg.dll
2011-11-20 11:34 . 2011-11-20 11:34 3900928 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2011-11-20 11:19 . 2011-11-20 11:19 473600 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2011-11-20 11:18 . 2011-11-20 11:18 630272 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-11-20 11:17 . 2011-11-20 11:17 159232 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2011-11-20 11:17 . 2011-11-20 11:17 358400 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-11-20 11:17 . 2011-11-20 11:17 183808 ----a-w- c:\windows\system32\ff_unrar.dll
2011-11-20 11:17 . 2011-11-20 11:17 155648 ----a-w- c:\windows\system32\ff_libmad.dll
2011-11-20 11:17 . 2011-11-20 11:17 112128 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-11-20 11:17 . 2011-11-20 11:17 221696 ----a-w- c:\windows\system32\ff_libdts.dll
2011-11-20 11:17 . 2011-11-20 11:17 1531904 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-11-20 11:17 . 2011-11-20 11:17 114688 ----a-w- c:\windows\system32\ff_liba52.dll
2011-11-20 11:17 . 2011-11-20 11:17 189440 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2011-11-20 11:09 . 2011-11-20 11:09 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-11-20 11:07 . 2011-11-20 11:07 259584 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2011-11-20 11:07 . 2011-11-20 11:07 133632 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2011-11-20 11:07 . 2011-11-20 11:07 97280 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2011-11-20 11:07 . 2011-11-20 11:07 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2011-11-20 11:07 . 2011-11-20 11:07 211456 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2011-11-20 11:07 . 2011-11-20 11:07 1524224 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2011-11-20 11:07 . 2011-11-20 11:07 145920 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2011-11-20 11:07 . 2011-11-20 11:07 113664 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2011-11-20 11:07 . 2011-11-20 11:07 327680 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2011-11-20 11:06 . 2011-11-20 11:06 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2011-11-15 19:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-22 20:42 . 2011-06-27 10:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"ShopSafe"="c:\progra~2\ShopSafe\ShopSafe.exe" [2010-10-13 371712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ipTray.exe"="c:\program files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [2011-08-19 1631944]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-03-17 1007608]
.
c:\users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2012-1-15 194775]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2009-08-11 93848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/23 17:03];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 IduService;Intel(R) Desktop Utilities Service;c:\program files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [2011-08-19 132808]
S2 Intel(R) Desktop Boards FSC Application Service;Intel(R) Desktop Boards FSC Application Service;c:\program files (x86)\Intel\FSC\FSCAppServ.exe [2011-08-19 61440]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 cpuio;CPUIO Service;c:\windows\SysWOW64\Drivers\cpuiox64.sys [2011-11-30 15384]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 USA49WG;USA49WG;c:\windows\system32\DRIVERS\USA49WGx64.sys [x]
S3 USA49WGP;USA49WGP;c:\windows\system32\DRIVERS\USA49WGx64p.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 16:45]
.
2011-12-29 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
"combofix"="c:\combofix\CF20179.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 172.16.105.1
FF - ProfilePath - c:\users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="49F5DA201B91F53EDADB74B21820D696746A58DBF00605DEBCC3EF0E5D71632501A0A1C5C59E80F164CBFAA46F2D8B929D61DFD84DD3C31C46E4C955D1D50C59BB28205C55D50272077C19558CEB26EFE236A8F5901A1B0C4507883DF4816A52FD9CC538ECF0E7116A98641D02C38F97AD539533DD0E0B4A00EF76899A1439019243E282B09E4434F785D82A6611D10627D8E961DBD7BA89839B41501D26546B06132F37CB82CFD8DE5554FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6675D575E7D6A3B9808A6A0AC4980AC7933E7FC7C3EFE97C0AC2381A04A49F08312262163BAF296F2C88267ECB6A52F2E3B9CB4F48AA8597EA572684C05D157CCB9B8113ADD46D1E1CF403BA93487A282A62F4027955A374D3A89B0A91CEFF9712408CCB195ED54B30D4582B64136BCC233B18FDF1512D65C785B9F131F961D3F068D05D36BF0247100AF80E8FEEE65574A0517E0E3E02291D1327758414DCCB8FB96719A0A6E0DDB0F727D89B282C7DA37634F60FE6FC4051EA903BBD92FD5928544CC76C1939D640053C356C5D5D41D2E57B50A08F5300497B390F5E1EA4BB5078D56CB86A7A9B0006EA4FEC3E340A243C04BF946C31B8DDB94F12F794583C1C5BCCFF2F080C79C21337229DDB78220EF53134322BA7B57EDE37B88641497866FEC80B7BA8AD3B65561066EE9F35805119616EB2A5192C8B39087158743668911133259C5C7ECBF77923B5BDFCDC0ED696862EC9111DE00F7D9F35AEFD09185A073B40D15CAF43042B1EF705D0E00AF1E7587B42C9A254CE8D422D44BD27FE6F3275AF9D1BD15B2D5FA082423121FD0B6C31A26751DEF331A6977F2EBED5ACEC61DF8BCC5DA36A33803ED5E154BE98D22AAB39609E08C6B7FD65E18C95F909437176B6563738917D0B0897BBD3FEFD5B2D470CF2C3F0BE3F4ABC41B00F4D4BF4BAA1277BB6A81D36CBECDCE4907864C9B436F1141A6413C3A4D9A464D919B1068404C6B893B5454BABA2B1A08CFC5C8F649580B551A4847EEF4575A932EA074DA98842D27EEFD4650889C1AEF5A08D7448ED1E3942FFC8F1C2F73875AD4E01451C2229C9427BD0C265F1BF819FD6E37628F09B5D0108052AADB6DF8CCA69F48E0A5968D7598963D1849285940A1DD5B171B2E8F00FB38FC68324545B954E11EFEFA52C8910BCF24E7A3464F47437E6C0D557672BC43CDB6093803FE93A5725887D04C0956DA74BEB7A4FCE333F43BC4D0B51AD5C4CEADD623CB2E27F2F760EABA878180527753BF11CF59152B5A4574D38956A17A96886B309E56B41039FB01BA56ECD0BA66808E6182E8537D2F103E6BEEEA35622A55338E340C944BEBDBF58FC61493653F52447769C1049BBE549B51D99D6127AB"
"OODEFRAG15.00.00.01PROFESSIONAL"="0C921734BD2F6920645499DC1D3C92BAA1F793DA1C1A894CB289E091AA3646081B9AE02CE6460D939CE01836E661F8DE21E0A4BBCFC3D692FC330679C28CD30B804C2EA00D95775CD55E662A3CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C1564E4A5C29E3D1D881D4046F814541E33A5E2BCB91C3A72B01EFBCBD20B27C8EE4F93B7D9726F0BFC2517A88905576673FA715AB1C8F29E703A3720329B9D3C92475F2E0E0CF7051DB892C105797BC015EBFC8C460B20517959C2F52E6F87A10C47722F117949D62743938D1EFEBC5DA26F41C14C8C62C04B9FD2D2D8EDCF51EAC117F1557FB71FDB22A099C75578C330F11CFE56ABC2F66AA33F4F88B048FAC21CBFC594947D52FD28E2093D7071C9D051105A40792D515AF38317590623A12B2D828B4964B7B8579AA991F9F8CD1F1F60467F293B7002298E416A2BF17B9CC0C317B7354EE7ECB433667D40CC1942BA6708AC71EABE8D6268B99D9F2A4C94A1A1D8D45CE673DFE69FAD2A947BBF88C220C3B7C0B4B1501A6956981F18F48A7279CB7E067423D44204BB0B414A151ADDB98D0580FC4375E66D24D9D35C3C505AF592E73F72A6E29F74EBA6D2AF4FF5B5D81C91DE565300E3C450EDAD47490D85B3F554D6120C76DBFA4216995A0A6AF612C9EC4D0CA3C5AE3331FBDEE128BB2344E49E62B5CB50D51762082CAA419D56F19439031B5E6F6B70BD3CDF64C9AAE6AB6EB239743C0375391940E1B35A0805F6A1AE7AB50EFCBEA890F86BBE82FB88634893F71B1E75A0485292D93F98F6BF943697704022BDD4FCEB937F138A2744D74BD47E288F66459DA0EA734AA98A44B13FD468546CD85B01320161387E7759EBF3A0F0CE196253883847550399B653A949D727BFA5C7063BEBC895B65E0B0BF2643437F722CF404AF5B968D0DAC532CA87A7380569D78B29C486E9CF1055A1375F61FE3E78E40419D5E759C9C4D3AA58D1E1E95837AC25BA8CEC6BF5D91CE7734F8CB5F0CCAD9B9E7A0D99BC12528A0923B4CC23F0B913D3B73D6ECCE87AAE5BC0AE9215368987F8AA775DA86085A409996237845FC996CBDCD18AB1CE5F481365D58B5F2DAD4CB9CD091F423205CCF5F7C2C5CC2EFAF76F39961933FE0E8DB39023DCBE0F20F368F2B81BF1EDBFDDE3A64253816C3F7F7F2D8A3A11D01DD848BCCB87CF1E3E09FDCC10D255DDF4B459AF5F84DC0C5A7EAEBA44D2C482768CD4069950E7FDB69DE7312D8BBBB13A34D1C02CBDCBE66946258A6986F7345A884CACE8BD0E390EC58918424EAA797840BB2F52AA6FB6572D7EE938C30868D93719172B1DFC3D9A1A38A296E8D82D6BC3FAEF0BB89E9BE68DCC4680B70989DC83984D"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-01-16 13:50:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 18:50
.
Pre-Run: 121,625,313,280 bytes free
Post-Run: 120,699,518,976 bytes free
.
- - End Of File - - 50A7E56FEAA9DA05271A525A34F08AAB
 
Looks good.

How is computer doing?

Uninstall Ask Toolbar, typical foistware.

Uninstall:
RegCure
Registry Mechanic 10.0
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=============================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
ask toolbar: gone
regcure:gone
registry mechanic 10.0: gone


otl.txt and extras (too big - more to follow)
Hanz

OTL logfile created on: 1/16/2012 2:32:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\00CDROM\OTL-Virus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.45 Gb Available Physical Memory | 81.59% Memory free
15.82 Gb Paging File | 14.39 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 112.55 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 112.65 Gb Free Space | 15.30% Space Free | Partition Type: NTFS
Drive F: | 931.39 Gb Total Space | 98.96 Gb Free Space | 10.63% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 69.94 Mb Free Space | 69.94% Space Free | Partition Type: NTFS

Computer Name: BOAT | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/11 06:18:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\00CDROM\OTL-Virus\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/19 14:52:06 | 000,132,808 | ---- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
PRC - [2011/08/19 14:52:04 | 001,631,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
PRC - [2011/08/19 14:47:50 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
PRC - [2011/05/04 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/05/04 11:46:04 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/04/19 22:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/04/14 17:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/11/14 17:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/10/13 15:41:30 | 000,371,712 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\ShopSafe\ShopSafe.exe
PRC - [2010/10/13 15:40:04 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\obroker.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/05/20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/13 15:37:30 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ShopSafe\ShopSafe.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/18 18:18:54 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2011/04/11 13:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/08/10 20:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/19 14:52:06 | 000,132,808 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel(R)
SRV - [2011/08/19 14:47:50 | 000,061,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe -- (Intel(R) Desktop Boards FSC Application Service) Intel(R)
SRV - [2011/06/25 19:44:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 11:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/05/04 11:46:04 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/18 13:53:45 | 000,017,176 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\osaio.sys -- (osaio)
DRV:64bit: - [2011/06/29 05:18:49 | 000,093,360 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/05/10 23:32:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/05/10 23:32:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/04 16:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/04/29 13:34:32 | 000,100,864 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011/04/18 22:18:13 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV:64bit: - [2011/04/13 17:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/04/13 17:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/04/10 10:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/16 17:49:42 | 000,107,904 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/24 12:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2010/05/20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/08/18 10:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/08 23:28:04 | 000,762,496 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USA49WGx64.sys -- (USA49WG)
DRV:64bit: - [2007/02/08 23:27:08 | 000,035,840 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USA49WGx64p.sys -- (USA49WGP)
DRV - [2011/11/30 04:54:05 | 000,015,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\cpuiox64.sys -- (cpuio)
DRV - [2011/04/19 22:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/04/12 04:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/08/23 17:03:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/04/03 20:40:00 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\bizVSerialNT.sys -- (bizVSerial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: shopsafe@orbiscom:3.4.13.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\shopsafe@orbiscom: C:\Program Files (x86)\ShopSafe [2011/06/29 11:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/16 10:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 19:25:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 04:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 09:33:42 | 000,000,000 | ---D | M]

[2011/06/25 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Extensions
[2011/06/25 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/16 14:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions
[2011/11/07 15:25:30 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/11/07 15:25:30 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\extensions\firebug@software.joehewitt.com
[2011/07/25 18:36:40 | 000,001,832 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\alxzbf1v.default\searchplugins\bing.xml
[2012/01/10 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\TEST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ALXZBF1V.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
[2012/01/10 19:25:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/16 13:47:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShopSafe] C:\Program Files (x86)\ShopSafe\ShopSafe.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKU\.DEFAULT..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
O4 - HKU\S-1-5-18..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
O4 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.105.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797E6F32-F9AA-462F-97A4-4B2CD5BB8152}: DhcpNameServer = 172.16.105.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 13:47:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/16 13:41:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 13:41:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 13:41:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 13:41:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 13:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 13:10:43 | 004,385,658 | R--- | C] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe
[2012/01/16 11:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/16 11:29:36 | 000,000,000 | ---D | C] -- C:\00HOUSE
[2012/01/16 10:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/16 10:56:38 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/01/16 10:56:38 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/01/16 10:56:37 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/01/16 10:56:37 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/01/16 10:56:37 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/01/16 10:56:36 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/01/16 10:56:30 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/01/16 10:56:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/16 10:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/16 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/15 21:43:18 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\FixTDSS
[2012/01/13 15:59:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Nuance
[2012/01/13 15:59:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\FLEXnet
[2012/01/13 15:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
[2012/01/13 15:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2012/01/13 15:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2012/01/13 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/01/13 15:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/01/08 02:09:41 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/05 21:04:47 | 000,000,000 | R--D | C] -- C:\Users\TEST\Documents\Scanned Documents
[2012/01/05 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Fax
[2012/01/05 20:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/05 20:19:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/05 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/04 14:44:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2011/12/26 04:53:58 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WXTide32
[2011/12/23 16:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/23 15:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/23 15:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/18 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2011/12/18 21:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2011/12/18 21:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
[2011/12/18 21:36:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 13:59:27 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 13:59:27 | 000,029,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 13:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 13:52:08 | 000,983,328 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/01/16 13:47:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/16 13:10:54 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe
[2012/01/16 12:52:52 | 000,000,512 | ---- | M] () -- C:\Users\TEST\Desktop\MBR.dat
[2012/01/16 11:24:08 | 000,000,684 | ---- | M] () -- C:\Users\TEST\Desktop\00CDROM - Shortcut.lnk
[2012/01/16 11:03:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/16 10:56:39 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/14 11:32:18 | 000,001,167 | ---- | M] () -- C:\Users\TEST\Desktop\SpaceSniffer.exe - Shortcut.lnk
[2012/01/13 16:32:28 | 000,001,834 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\SAS7_000.DAT
[2012/01/13 15:58:36 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2012/01/13 05:58:50 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
[2012/01/11 09:48:37 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 09:48:37 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 09:48:37 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/10 19:25:08 | 000,002,059 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/07 20:18:33 | 000,007,605 | ---- | M] () -- C:\Users\TEST\AppData\Local\Resmon.ResmonCfg
[2011/12/26 04:55:47 | 000,001,074 | ---- | M] () -- C:\Users\TEST\Desktop\wxtide32.exe - Shortcut.lnk
[2011/12/24 08:11:42 | 000,000,000 | ---- | M] () -- C:\ProgramData\v0Q7I02Hg.dat
[2011/12/19 07:01:37 | 000,000,550 | ---- | M] () -- C:\Windows\WININIT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2012/01/16 13:41:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 13:41:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 13:41:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/16 13:41:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 13:41:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 12:52:52 | 000,000,512 | ---- | C] () -- C:\Users\TEST\Desktop\MBR.dat
[2012/01/16 11:24:08 | 000,000,684 | ---- | C] () -- C:\Users\TEST\Desktop\00CDROM - Shortcut.lnk
[2012/01/16 10:56:39 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/14 11:32:18 | 000,001,167 | ---- | C] () -- C:\Users\TEST\Desktop\SpaceSniffer.exe - Shortcut.lnk
[2012/01/13 16:32:28 | 000,001,834 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\SAS7_000.DAT
[2012/01/13 15:58:36 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2012/01/13 05:58:50 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
[2012/01/08 02:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/26 04:55:47 | 000,001,074 | ---- | C] () -- C:\Users\TEST\Desktop\wxtide32.exe - Shortcut.lnk
[2011/12/24 08:11:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\v0Q7I02Hg.dat
[2011/12/18 21:43:21 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2011/11/30 14:53:34 | 000,171,008 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2011/11/30 14:53:26 | 006,244,574 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2011/11/30 14:53:26 | 000,957,031 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011/11/30 14:53:26 | 000,337,369 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2011/11/30 14:53:26 | 000,197,696 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2011/11/30 14:53:26 | 000,127,340 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/11/20 06:34:48 | 003,900,928 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/11/20 06:09:44 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/20 06:07:24 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/11/20 06:07:06 | 000,133,632 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
[2011/11/20 06:07:04 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/11/20 06:07:04 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/11/20 06:07:02 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/11/20 06:07:02 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/11/20 06:07:02 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/11/20 06:07:02 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/11/20 06:07:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/11/20 06:06:58 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/18 13:47:16 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011/07/15 13:26:54 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2011/07/07 22:45:13 | 000,000,039 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/07/04 13:05:41 | 010,932,224 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011/07/01 03:25:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2011/06/30 20:01:38 | 000,000,550 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/06/29 14:20:58 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
[2011/06/29 14:20:57 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2011/06/29 05:09:41 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/29 05:09:41 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat
[2011/06/29 05:09:41 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/27 15:47:21 | 000,124,264 | R--- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/06/27 15:47:21 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/06/27 15:47:21 | 000,010,600 | R--- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/06/26 14:35:12 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011/06/26 09:41:16 | 000,007,605 | ---- | C] () -- C:\Users\TEST\AppData\Local\Resmon.ResmonCfg
[2011/06/25 09:03:03 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/25 09:00:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/06/25 09:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/25 08:53:27 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2011/06/25 08:53:27 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2011/06/25 08:53:27 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2011/06/25 08:53:27 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2011/06/25 08:53:27 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2011/06/25 08:53:27 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2011/06/25 08:53:27 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/10 10:49:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/10 10:49:10 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/10 10:49:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/10 10:42:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/04/10 10:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 16:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 16:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/03 23:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2005/02/16 23:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\FransonRegistryRestoration.exe
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== LOP Check ==========

[2011/06/26 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Ashampoo
[2011/11/08 09:25:17 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Canon
[2012/01/15 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\FixTDSS
[2011/07/04 06:13:40 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\FolderPrint
[2011/10/28 03:11:12 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Hardcoded Software
[2011/07/04 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\ImgBurn
[2011/10/24 06:01:47 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\NavMonPc
[2012/01/13 15:59:37 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Nuance
[2011/09/09 03:37:51 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Registry Mechanic
[2011/06/27 13:29:34 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Replay Media Catcher 4
[2011/06/27 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Simple Star
[2011/06/25 15:31:58 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Thunderbird
[2012/01/16 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\uTorrent
[2011/12/13 05:57:18 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Xilisoft Corporation
[2012/01/14 22:31:10 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/01/16 13:50:09 | 000,029,996 | ---- | M] () -- C:\ComboFix.txt
[2011/11/09 08:14:57 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2012/01/16 13:52:09 | 4197,867,519 | -HS- | M] () -- C:\pagefile.sys
[2012/01/11 05:14:44 | 000,083,426 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_11.01.2012_05.14.28_log.txt
[2012/01/15 21:41:22 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_15.01.2012_21.41.12_log.txt
[2012/01/15 21:42:21 | 000,083,426 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_15.01.2012_21.42.01_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/25 13:38:10 | 000,000,221 | -HS- | M] () -- C:\Users\TEST\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/16 13:10:54 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\TEST\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 16:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/20 22:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/01/08 13:49:24 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/01/08 13:49:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/01/08 13:49:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb00001.log
[2011/11/09 21:35:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/11/09 21:35:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/01/08 13:49:14 | 000,000,000 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/01/08 13:49:13 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/29 14:27:17 | 000,000,402 | -HS- | M] () -- C:\Users\TEST\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/07/18 13:47:21 | 000,000,064 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2011/07/06 23:05:18 | 010,932,224 | ---- | M] () -- C:\ProgramData\sandra.mda

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/08/24 21:15:57 | 000,000,000 | ---D | M](C:\Users\TEST\Favorites\??sorted Bookmarks) -- C:\Users\TEST\Favorites\遈dzsorted Bookmarks

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:0D6E9A34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >
 
last of logs


Hanz

OTL Extras logfile created on: 1/11/2012 6:22:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\00CDROM\OTL-Virus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 69.17% Memory free
15.82 Gb Paging File | 13.48 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 114.97 Gb Free Space | 58.90% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 113.86 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive F: | 931.39 Gb Total Space | 256.79 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 69.94 Mb Free Space | 69.94% Space Free | Partition Type: NTFS

Computer Name: BOAT | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7105B74C-1124-40BC-919D-1B9A8F4517C5}" = Replay Media Catcher 4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2011c
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3318836AD61238EBF9D3CA1B0500E56C2DF9465B" = Windows Driver Package - KSPN (USA49WG) USB (01/01/2007 3.7.0.0)
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"54F242A9C8F5B27621DF232A7F75FA257F822819" = Windows Driver Package - KSPN (USA49WGP) PORTS (01/01/2007 3.7.0.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
"SMBus" = Intel(R) SMBus

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{31F10994-391D-4F39-A541-E4D30338BB42}" = Franson SerialTools RunTime
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50A53344-212F-4CB9-B520-98ACA3D62342}" = dupeGuru
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87358FDB-7A27-4F53-9BFB-1566FA03A9C5}" = ShopSafe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{9437FF64-45F1-47C5-866A-04B432E6C306}" = Keyspan USB 2.0 4-Port Serial Adapter
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A31F749C-8ADF-44E4-AD33-E39286A96A1B}" = Intel(R) Desktop Utilities
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EEDE759C-14CC-4487-8A45-F0E8447E1227}" = ShopSafe
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.5.2.15)
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"AXIS Media Control SDK_is1" = AXIS Media Control SDK 6.0.2
"Coastal Explorer" = Coastal Explorer
"Directory Toolkit (Shareware)_is1" = Directory Toolkit
"Directory Toolkit_is1" = Directory Toolkit
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.2.6 (17/03/2011)
"EZ Viewer 3.0_is1" = EZ Viewer 3.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A31F749C-8ADF-44E4-AD33-E39286A96A1B}" = Intel(R) Desktop Utilities
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Lan Lights" = Lan Lights
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1600
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.2
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NavMonPc_is1" = NavMonPc 1.10
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PokerStars.net" = PokerStars.net
"Reader Studio_is1" = Reader Studio 1.5a
"RegCure" = RegCure
"Registry Mechanic_is1" = Registry Mechanic 10.0
"STG FolderPrint Plus_is1" = STG FolderPrint Plus 3.83
"Trader Workstation 4.0" = Trader Workstation 4.0
"Ugrib_is1" = Ugrib RC1
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WXTide32" = WXTide32
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Trader Workstation" = Trader Workstation

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 12:26:58 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x02b3d835 Faulting process id: 0x430 Faulting application
start time: 0x01ccc12b0cdd1923 Faulting application path: C:\Program Files (x86)\Exterminate
It!\ExterminateIt.exe Faulting module path: unknown Report Id: 59fdd30a-2d1e-11e1-b821-e069957328a1

Error - 12/23/2011 12:27:45 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x008ed835 Faulting process id: 0x7a8 Faulting application
start time: 0x01ccc12b28c95d7a Faulting application path: C:\Program Files (x86)\Exterminate
It!\ExterminateIt.exe Faulting module path: unknown Report Id: 75c662bd-2d1e-11e1-b821-e069957328a1

Error - 12/23/2011 12:28:31 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
Description = Faulting application name: ExterminateIt.exe, version: 0.0.0.0, time
stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x02ccd835 Faulting process id: 0x60c Faulting application
start time: 0x01ccc12b3aefdb90 Faulting application path: C:\Program Files (x86)\Exterminate
It!\ExterminateIt.exe Faulting module path: unknown Report Id: 90d7a87b-2d1e-11e1-b821-e069957328a1

Error - 12/23/2011 12:50:34 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2011 1:01:36 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x5256ff18 Faulting process id: 0x13c0 Faulting application
start time: 0x01ccc12f8cd114ad Faulting application path: C:\Windows\SysWOW64\ping.exe
Faulting
module path: unknown Report Id: 302ccb73-2d23-11e1-9692-e069957328a1

Error - 12/23/2011 6:18:04 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2011 6:37:32 AM | Computer Name = BOAT | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: Flash10x.ocx, version: 10.3.183.10, time
stamp: 0x4e764622 Exception code: 0xc0000005 Fault offset: 0x001938de Faulting process
id: 0x10b0 Faulting application start time: 0x01ccc15e79094fde Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10x.ocx
Report
Id: 1e0d4fb5-2d52-11e1-9f23-e069957328a1

Error - 12/23/2011 7:05:32 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2011 7:46:10 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2011 10:40:25 AM | Computer Name = BOAT | Source = WinMgmt | ID = 10
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
sorry:
the IE redirect seems to be gone.

cpu seems to be ok..


What cause the virus to enter the CPU?? (browers or download?)

How can I prevent it from happening again??( I will try Avast.)


Hanz
 
There is no way to trace any infections source.
I'll post some security hints later.
I'll check your OTL logs now....

Good news though :)
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\S-1-5-21-346988686-1374381299-2349832999-1000\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 368 bytes -> C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:0D6E9A34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
following are:eek:lt.log checkup.txt,fss.txt,eset.log

Hanz

OLT

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-346988686-1374381299-2349832999-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Users\TEST\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:0D6E9A34 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEST
->Temp folder emptied: 1901053 bytes
->Temporary Internet Files folder emptied: 13929768 bytes
->Java cache emptied: 838315 bytes
->FireFox cache emptied: 75447120 bytes
->Flash cache emptied: 1414 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 131039 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: TEST
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEST
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01162012_155902

Files\Folders moved on Reboot...
C:\Users\TEST\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java(TM) 6 Update 24
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


Farbar Service Scanner
Ran by TEST (administrator) on 16-01-2012 at 16:19:14
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

eset log

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\regw2.exe.vir Win32/Agent.QTP trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.$ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
 
Uninstall: Java(TM) 6 Update 24

Your Windows firewall seems to be not working because of missing registry key.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on mpssvc.reg file and confirm the prompt.
Restart computer, check on Windows firewall and post new FSS log.
 
create new restore: done
mpssvc:done
fss log: follow

hanz


Farbar Service Scanner
Ran by TEST (administrator) on 16-01-2012 at 18:30:15
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Leave it alone.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEST
->Temp folder emptied: 55506 bytes
->Temporary Internet Files folder emptied: 1077579 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53799432 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2514 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEST
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: TEST
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01162012_185058

Files\Folders moved on Reboot...
C:\Users\TEST\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

D
New LogoFAIL exploit leaves Windows and Linux users vulnerable to remote attacks
Replies
1
Views
283
Gezzer
G
D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
400
Fastturtle
F
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back