Help With Malware/Virus [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

Help With Malware/Virus [Closed], Possibly WinPC Defender

Options

Dr. Cox View Member Profile	Jul 2 2009, 07:05 PM Post #1
Member Posts: 26 OS: Vista	Hi, Having some problems with my computer if anyone is able to help please? Running fine until this evening - got some kind of virus warning. But it wasn't from my usual anti-virus, windows firewall etc. It was from a program called WinPC Defender. Sussed it was malware/virus so downloaded spybot and ccleaner. Ran both, they both found a few things and got rid of them. Tried to run system restore but when i tried that it said there was no restore points whatsoever which shouldn't be the case. Usually have loads to pick from weekly. Tried to restart the computer in hope of spybot/ccleaner results fixing it but no luck there. Looked up WinPc Defender and tried some suggested programs to remove it Malwarebyte's Anti-Malware but that won't let me run the program at all. Everytime i try to run it i get a windows error straight away: "Malwarebyte's Anti-Malware has stopped working. A problem caused the program to stop working correctly" Every single time. Anyone able to help please? Thanks

Thunderbird1988 View Member Profile	Jul 3 2009, 01:42 AM Post #2
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	Hello Dr. Cox, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Dr. Cox View Member Profile	Jul 3 2009, 07:45 AM Post #3
Member Posts: 26 OS: Vista	Thanks for the reply. The first log: OTL logfile created on: 03/07/2009 14:36:04 - Run 1 OTL by OldTimer - Version 3.0.6.3 Folder = C:\Users\Kev\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory \| 2.00 Gb Available Physical Memory \| 100.00% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 458.92 Gb Total Space \| 352.46 Gb Free Space \| 76.80% Space Free \| Partition Type: NTFS Drive D: \| 465.76 Gb Total Space \| 199.57 Gb Free Space \| 42.85% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KEV-PC Current User Name: Kev Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.) PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation) PRC - C:\Users\Kev\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AVG Anti-Spyware Guard [Auto \| Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Irmon [Auto \| Running]) -- C:\Windows\System32\irmon.dll (Microsoft Corporation) SRV - (msfwsvc [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nvsvc [Auto \| Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (OcHealthMon [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) SRV - (OneCareMP [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) SRV - (RichVideo [Auto \| Stopped]) -- File not found SRV - (rpcapd [On_Demand \| Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (usnjsvc [On_Demand \| Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (WinDefend [Auto \| Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (winss [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) SRV - (WLSetupSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (3xHybrid [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (adp94xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (AVG Anti-Spyware Driver [System \| Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys () DRV - (AvgAsCln [System \| Running]) -- C:\Windows\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (cmdide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (elxstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HpCISSs [Disabled \| Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (iaStorV [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (iirsp [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (IntcAzAudAddService [On_Demand \| Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (irsir [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\irsir.sys (Microsoft Corporation) DRV - (iteatapi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (megasas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (MpFilter [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\MpFilter.sys (Microsoft Corporation) DRV - (Mraid35x [Disabled \| Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (MSFWDrv [Auto \| Running]) -- C:\Windows\System32\DRIVERS\msfwdrv.sys (Microsoft Corporation) DRV - (MSFWHLPR [System \| Running]) -- C:\Windows\System32\DRIVERS\msfwhlpr.sys (Microsoft Corporation) DRV - (nfrd960 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (NPF [On_Demand \| Stopped]) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (ntrigdigi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (nvlddmkm [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pcouffin [On_Demand \| Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software) DRV - (PxHelp20 [Boot \| Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (PzWDM [Boot \| Running]) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology) DRV - (ql2300 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (RTL8169 [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation ) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (Symc8xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (uliahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (UsbFltr [On_Demand \| Running]) -- C:\Windows\System32\Drivers\UsbFltr.sys (Waytech Development, Inc.) DRV - (viaide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto \| Running]) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.co.uk" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.2 FF - prefs.js..extensions.enabledItems: FindInTabs@mishac.com:0.4.0.3 FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.8 FF - prefs.js..extensions.enabledItems: {10187899-7ffe-4f9a-b9d2-35fdb3b49690}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.5 FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.11 FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.6 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.0.8 FF - prefs.js..extensions.enabledItems: thumbnailexpander@extensions.danwendorf.com:1.0 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/06 03:06:19 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/22 19:55:07 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/17 19:00:28 \| 00,000,000 \| ---D \| M] [2008/10/31 16:57:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions [2008/10/31 16:57:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/07/02 16:15:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions [2009/06/01 00:02:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2008/11/11 23:15:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690} [2009/03/25 02:44:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2008/10/31 17:02:50 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A} [2009/04/30 12:23:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} [2009/06/13 19:35:38 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2009/04/04 10:54:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}(18) [2009/07/01 02:29:40 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/04/17 14:46:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/05/05 12:39:52 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\FindInTabs@mishac.com [2009/05/04 02:46:43 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\foxmarks@kei.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com\chrome [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com\defaults [2008/12/01 21:31:06 \| 00,006,010 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\allmusic.xml [2008/11/13 22:27:24 \| 00,001,922 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\hmv-search.xml [2008/10/31 23:48:24 \| 00,001,504 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\imdb.xml [2008/11/05 01:01:57 \| 00,001,826 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\lyricwiki-english.xml [2009/06/29 02:23:30 \| 00,002,431 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\youtube.xml [2009/07/02 16:15:47 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/13 15:06:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 15:22:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/03/27 15:18:07 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/13 15:06:47 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/13 15:06:47 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009/03/09 06:19:09 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/06/13 15:06:48 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/01/04 16:36:50 \| 00,001,538 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2006/07/05 19:47:38 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008/01/04 16:36:50 \| 00,000,947 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2008/03/08 10:35:22 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/11/15 05:12:26 \| 00,000,759 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2008/08/17 19:51:12 \| 00,004,849 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\F365.xml [2008/04/16 05:08:20 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/03/28 19:11:14 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2008/01/04 16:36:50 \| 00,000,831 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (WinInet Class) - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\Windows\ieocx.dll () O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [sysav] C:\Users\Kev\AppData\Roaming\pcdefender.exe (Antivirus Software) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\Users\Kev\AppData\Roaming\.tmp files] [2009/07/03 03:46:55 \| 01,498,281 \| -H-- \| C] () -- C:\Users\Kev\AppData\Local\IconCache.db [2009/07/03 03:14:23 \| 00,130,754 \| ---- \| C] () -- C:\Users\Kev\Desktop\viewerror.jpg [2009/07/03 02:24:56 \| 00,000,823 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 02:24:53 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/07/03 02:24:51 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/07/03 02:24:51 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/07/03 02:24:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/03 02:24:18 \| 03,561,744 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\zztoy.exe [2009/07/03 01:05:14 \| 32,193,16736 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/03 01:01:16 \| 00,000,680 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\d3d9caps.dat [2009/07/03 01:00:07 \| 00,000,000 \| ---D \| C] -- C:\Windows\Minidump [2009/07/03 00:59:46 \| 24,524,1589 \| ---- \| C] () -- C:\Windows\MEMORY.DMP [2009/07/03 00:58:31 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Enigma Software Group [2009/07/02 22:34:15 \| 00,812,344 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HJTInstall.exe [2009/07/02 22:20:03 \| 03,561,752 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup.com.exe [2009/07/02 22:05:00 \| 00,001,625 \| ---- \| C] () -- C:\Users\Kev\Desktop\WinPC Defender.LNK [2009/07/02 21:32:00 \| 00,113,842 \| ---- \| C] () -- C:\Users\Kev\Documents\cc_20090702_213157.reg [2009/07/02 21:26:55 \| 00,001,675 \| ---- \| C] () -- C:\Users\Kev\Desktop\CCleaner.lnk [2009/07/02 21:26:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2009/07/02 20:56:42 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Roaming\Grisoft [2009/07/02 20:56:28 \| 00,000,994 \| ---- \| C] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk [2009/07/02 20:56:25 \| 00,010,872 \| ---- \| C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgAsCln.sys [2009/07/02 20:56:25 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Grisoft [2009/07/02 20:56:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Grisoft [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| C] () -- C:\MSDOS.SYS [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| C] () -- C:\IO.SYS [2009/07/02 19:24:53 \| 00,237,568 \| ---- \| C] () -- C:\Windows\System32\rmc_rtspdl.dll [2009/07/02 19:24:53 \| 00,156,672 \| ---- \| C] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe [2009/07/02 19:24:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Documents\My Recordings [2009/07/02 19:24:17 \| 00,028,672 \| ---- \| C] () -- C:\Windows\ieocx.dll [2009/07/02 19:22:50 \| 00,323,584 \| ---- \| C] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL [2009/07/02 19:22:15 \| 00,000,000 \| ---D \| C] -- C:\Windows\Replay Media Catcher [2009/07/02 19:22:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Replay Media Catcher [2009/07/02 19:06:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinPcap [2009/07/02 19:01:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WMR11 [2009/07/02 18:06:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\Brilliant Things [2009/07/02 16:53:39 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Roaming\Thinstall [2009/07/02 16:53:39 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\Thinstall [2009/07/01 11:45:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\2009-06-30 - Barcelona, Spain - Camp Nou [2009/07/01 10:40:14 \| 00,041,906 \| ---- \| C] () -- C:\Users\Kev\Desktop\14988676.jpg [2009/07/01 01:23:47 \| 13,160,6567 \| ---- \| C] () -- C:\Users\Kev\Desktop\Sutton Impact.mp4 [2009/06/30 23:27:16 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\iPhone June 09 [2009/06/29 17:36:52 \| 00,000,000 \| ---D \| C] -- C:\Notebook [2009/06/29 17:32:14 \| 00,000,000 \| ---D \| C] -- C:\Drag Me To [bleep] [2009/06/28 22:22:03 \| 00,051,255 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\Failed Copy [2009/06/28 22:04:20 \| 00,001,232 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\iTunesPrefs [2009/06/28 22:04:20 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\tcbackup [2009/06/26 22:10:36 \| 61,834,061 \| ---- \| C] () -- C:\Users\Kev\Desktop\CBCR3_2009-06-26.mp3 [2009/06/18 02:54:32 \| 00,089,328 \| -H-- \| C] () -- C:\Windows\System32\mlfcache.dat [2009/06/17 21:29:16 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\Hours [2009/06/17 19:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Safari [2009/06/17 19:03:14 \| 00,107,368 \| ---- \| C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2009/06/17 19:03:14 \| 00,023,400 \| ---- \| C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [2009/06/17 19:02:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/06/17 19:02:53 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/06/17 19:01:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Bonjour [2009/06/17 18:59:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\QuickTime [2009/06/17 18:57:10 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/06/14 19:26:10 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/06/14 19:26:10 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/06/14 19:26:10 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/06/14 19:26:09 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/06/14 19:26:09 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/06/10 23:44:37 \| 24,811,907 \| ---- \| C] () -- C:\Users\Kev\Desktop\theroad_h.640.mov [2009/06/10 19:46:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Documents\IdealDVD2AVI [2009/06/10 19:46:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\IdealSoftware [2009/06/10 19:46:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\IdealDVD2AVI [2009/06/10 18:45:04 \| 02,033,152 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009/06/10 18:45:03 \| 00,636,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2009/06/10 18:45:01 \| 00,784,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll [2009/06/10 18:44:57 \| 03,581,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/06/10 18:44:55 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/06/10 18:44:55 \| 01,166,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/06/10 18:44:54 \| 00,827,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/06/10 18:44:54 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/06/10 18:44:54 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/06/10 18:44:54 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/06/10 18:44:53 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/06/10 18:44:53 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/06/10 18:44:53 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/06/10 18:44:53 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/06/10 18:44:53 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/06/10 18:44:52 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/06/10 18:44:51 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/06/10 18:44:51 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/06/05 11:42:38 \| 02,060,288 \| ---- \| C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| C] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys [2009/03/20 10:37:06 \| 00,000,118 \| ---- \| C] () -- C:\Windows\System32\MRT.INI [2009/01/31 19:06:11 \| 00,000,079 \| ---- \| C] () -- C:\Windows\AceDVDAudioExtractor.ini [2008/09/19 22:57:34 \| 03,596,288 \| ---- \| C] () -- C:\Windows\System32\qt-dx331.dll [2008/09/19 22:55:10 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/09/19 22:55:10 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dpl100.dll.manifest [2008/09/19 22:54:18 \| 00,012,288 \| ---- \| C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008/09/09 00:08:58 \| 00,009,760 \| ---- \| C] () -- C:\Windows\System32\34CoInstaller.dll [2008/09/08 17:19:13 \| 00,001,324 \| ---- \| C] () -- C:\Windows\TVP3XDrv.ini [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/06/05 08:58:26 \| 00,197,912 \| ---- \| C] () -- C:\Windows\System32\physxcudart_20.dll [2007/01/25 18:31:36 \| 00,053,299 \| ---- \| C] () -- C:\Windows\System32\pthreadVC.dll [2006/11/02 13:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 11:23:31 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 08:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini ========== Files - Modified Within 30 Days ========== [1 C:\Users\Kev\AppData\Roaming\.tmp files] [2009/07/03 14:18:03 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/07/03 14:18:03 \| 00,599,942 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/07/03 14:18:03 \| 00,105,448 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/07/03 14:14:32 \| 00,000,521 \| ---- \| M] () -- C:\Users\Kev\Documents\My Sharing Folders.lnk [2009/07/03 14:14:31 \| 00,000,414 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4D33FA7D-F983-42F3-B525-344510B57AA7}.job [2009/07/03 14:13:35 \| 00,001,625 \| ---- \| M] () -- C:\Users\Kev\Desktop\WinPC Defender.LNK [2009/07/03 14:13:12 \| 00,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/07/03 14:13:12 \| 00,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/07/03 14:13:11 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/07/03 14:13:03 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/07/03 14:13:00 \| 32,193,16736 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/03 03:46:59 \| 00,000,012 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009/07/03 03:46:55 \| 01,498,281 \| -H-- \| M] () -- C:\Users\Kev\AppData\Local\IconCache.db [2009/07/03 03:14:24 \| 00,130,754 \| ---- \| M] () -- C:\Users\Kev\Desktop\viewerror.jpg [2009/07/03 03:07:00 \| 00,000,270 \| ---- \| M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job [2009/07/03 02:24:56 \| 00,000,823 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 02:24:27 \| 03,561,744 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\zztoy.exe [2009/07/03 01:02:02 \| 00,000,680 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\d3d9caps.dat [2009/07/03 01:01:03 \| 00,125,952 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/03 01:00:07 \| 24,524,1589 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2009/07/02 22:34:17 \| 00,812,344 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HJTInstall.exe [2009/07/02 22:20:06 \| 03,561,752 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup.com.exe [2009/07/02 21:32:11 \| 00,113,842 \| ---- \| M] () -- C:\Users\Kev\Documents\cc_20090702_213157.reg [2009/07/02 21:26:55 \| 00,001,675 \| ---- \| M] () -- C:\Users\Kev\Desktop\CCleaner.lnk [2009/07/02 20:56:28 \| 00,000,994 \| ---- \| M] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| M] () -- C:\MSDOS.SYS [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| M] () -- C:\IO.SYS [2009/07/02 19:24:53 \| 00,237,568 \| ---- \| M] () -- C:\Windows\System32\rmc_rtspdl.dll [2009/07/02 19:24:53 \| 00,156,672 \| ---- \| M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe [2009/07/02 19:24:17 \| 00,028,672 \| ---- \| M] () -- C:\Windows\ieocx.dll [2009/07/02 19:22:50 \| 00,323,584 \| ---- \| M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL [2009/07/01 10:40:15 \| 00,041,906 \| ---- \| M] () -- C:\Users\Kev\Desktop\14988676.jpg [2009/07/01 01:47:46 \| 00,000,008 \| -HS- \| M] () -- C:\Users\Kev\AppData\Local\systemCurUses [2009/06/28 22:22:03 \| 00,051,255 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\Failed Copy [2009/06/28 22:04:21 \| 00,001,232 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\iTunesPrefs [2009/06/26 22:11:10 \| 61,834,061 \| ---- \| M] () -- C:\Users\Kev\Desktop\CBCR3_2009-06-26.mp3 [2009/06/18 02:54:32 \| 00,089,328 \| -H-- \| M] () -- C:\Windows\System32\mlfcache.dat [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/06/11 03:15:22 \| 00,230,120 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/06/10 23:44:39 \| 24,811,907 \| ---- \| M] () -- C:\Users\Kev\Desktop\theroad_h.640.mov [2009/06/05 11:42:38 \| 02,060,288 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys < End of report >

Dr. Cox View Member Profile	Jul 3 2009, 07:47 AM Post #4
Member Posts: 26 OS: Vista	The 2nd log: OTL Extras logfile created on: 03/07/2009 14:36:04 - Run 1 OTL by OldTimer - Version 3.0.6.3 Folder = C:\Users\Kev\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory \| 2.00 Gb Available Physical Memory \| 100.00% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 458.92 Gb Total Space \| 352.46 Gb Free Space \| 76.80% Space Free \| Partition Type: NTFS Drive D: \| 465.76 Gb Total Space \| 199.57 Gb Free Space \| 42.85% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KEV-PC Current User Name: Kev Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 1 "UpdatesDisableNotify" = 1 "FirewallDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 Reg Error: Unknown registry data type File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = OSCAR Editor "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery "{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install "{463BCF51-FAB2-4900-B8A1-12EE7E37AE49}" = TouchCopy "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.20 "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes "{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1 "{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18 "{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.20 "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVGAntiSpyware75" = AVG Anti-Spyware 7.5 "CCleaner" = CCleaner (remove only) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "coverXP" = coverXP (remove only) "dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec "dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec "dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder "dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec "dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec "dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec "dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec "dBpoweramp Music Converter" = dBpoweramp Music Converter "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec "dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder "dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec "dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009) "DVD Decrypter" = DVD Decrypter (Remove Only) "FairStars Audio Converter_is1" = FairStars Audio Converter 1.76 "Football Manager 2009" = Football Manager 2009 "iArt_is1" = iArt 3 "Ideal DVD to AVI Converter_is1" = Ideal DVD to AVI Converter V2.0.1 "ImgBurn" = ImgBurn "InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = OSCAR Editor "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "Internet Download Manager" = Internet Download Manager "IrfanView" = IrfanView (remove only) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Media Convert Master_is1" = Media Convert Master 8.1.1.64 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11) "NVIDIA Drivers" = NVIDIA Drivers "ONES(E)" = ONES (E) "Spotify" = Spotify "Stanza" = Stanza "SystemRequirementsLab" = System Requirements Lab "Tag&Rename_is1" = Tag&Rename 3.5 rc 1 "Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220 "TVP3XDrv" = KWorld TV713X BDA Driver "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "Windows Live Toolbar" = Windows Live Toolbar "WinPcapInst" = WinPcap 4.0 "WinRAR archiver" = WinRAR archiver "WinSS" = Windows Live OneCare ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = �Torrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29/06/2009 13:35:04 \| Computer Name = Kev-PC \| Source = WinMgmt \| ID = 10 Description = Error - 29/06/2009 13:36:13 \| Computer Name = Kev-PC \| Source = Application Error \| ID = 1000 Description = Faulting application ONES.exe, version 2.1.0.358, time stamp 0x456cfd2e, faulting module ONES.exe, version 2.1.0.358, time stamp 0x456cfd2e, exception code 0xc0000005, fault offset 0x00048e1d, process id 0xd40, application start time 0x01c9f8e0098e5e77. Error - 30/06/2009 19:00:04 \| Computer Name = Kev-PC \| Source = Application Error \| ID = 1000 Description = Faulting application TAGREN~1.EXE, version 3.5.238.447, time stamp 0x2a425e19, faulting module TAGREN~1.EXE, version 3.5.238.447, time stamp 0x2a425e19, exception code 0xc0000005, fault offset 0x002894d1, process id 0x49a4, application start time 0x01c9f9d59a23cac8. Error - 30/06/2009 19:03:54 \| Computer Name = Kev-PC \| Source = Windows Search Service \| ID = 3013 Description = Error - 30/06/2009 19:03:54 \| Computer Name = Kev-PC \| Source = Windows Search Service \| ID = 3013 Description = Error - 30/06/2009 19:03:54 \| Computer Name = Kev-PC \| Source = Windows Search Service \| ID = 3013 Description = Error - 30/06/2009 21:28:37 \| Computer Name = Kev-PC \| Source = WinMgmt \| ID = 10 Description = Error - 30/06/2009 21:30:11 \| Computer Name = Kev-PC \| Source = Windows Search Service \| ID = 3013 Description = Error - 01/07/2009 17:37:30 \| Computer Name = Kev-PC \| Source = WinMgmt \| ID = 10 Description = Error - 02/07/2009 08:15:42 \| Computer Name = Kev-PC \| Source = WinMgmt \| ID = 10 Description = [ System Events ] Error - 10/06/2009 15:19:04 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:19:53 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:15 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:19 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:23 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:26 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:30 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:31 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:34 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 10/06/2009 15:20:35 \| Computer Name = Kev-PC \| Source = cdrom \| ID = 262151 Description = The device, \Device\CdRom0, has a bad block. [ Windows OneCare Events ] Error - 31/10/2008 17:17:16 \| Computer Name = Kev-PC \| Source = WinSS \| ID = 7001 Description = Failed executing wireless security check process. Error Code = 0x80070004. Error - 18/12/2008 15:45:49 \| Computer Name = Kev-PC \| Source = WinSS \| ID = 7001 Description = Failed executing wireless security check process. Error Code = 0x80070004. Error - 01/03/2009 21:37:44 \| Computer Name = Kev-PC \| Source = WinSS \| ID = 1011 Description = Could not update WMI to communicate to WSC. Error - 02/05/2009 07:25:47 \| Computer Name = Kev-PC \| Source = WinSS \| ID = 7001 Description = Failed executing wireless security check process. Error Code = 0x8a190107. Error - 02/07/2009 16:36:18 \| Computer Name = Kev-PC \| Source = WinSS \| ID = 7001 Description = Failed executing wireless security check process. Error Code = 0x80070004. < End of report >

Thunderbird1988 View Member Profile	Jul 3 2009, 08:15 AM Post #5
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.

Dr. Cox View Member Profile	Jul 3 2009, 08:38 AM Post #6
Member Posts: 26 OS: Vista	QUOTE (Thunderbird1988 @ Jul 3 2009, 02:15 PM) We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. ComboFix won't run for me. Everytime i try to open it i get the 'combofix.exe has stopped working' error and the only option is to close the program.

Thunderbird1988 View Member Profile	Jul 3 2009, 12:44 PM Post #7
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	Lets try this way. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 Link 3 -------------------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system. Thunderbird1988

Dr. Cox View Member Profile	Jul 3 2009, 01:22 PM Post #8
Member Posts: 26 OS: Vista	QUOTE (Thunderbird1988 @ Jul 3 2009, 06:44 PM) Lets try this way. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 Link 3 -------------------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system. Thunderbird1988 Combo Fix started to run after i renamed it before saving but gave me this error before it could do anything: HiJackThis won't let me install - i double click the installer to open but absolutely nothing happens - as if i didn't click it at all.

Thunderbird1988 View Member Profile	Jul 3 2009, 02:34 PM Post #9
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Thunderbird1988

Dr. Cox View Member Profile	Jul 3 2009, 06:39 PM Post #10
Member Posts: 26 OS: Vista	QUOTE (Thunderbird1988 @ Jul 3 2009, 08:34 PM) Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Thunderbird1988 Problems with that also now. Try to run it and it gets halfway through then a blue screen flashes up and the computer restarts. Sorry, it seems like i'm being so akward here but nothing seems to be working!

Thunderbird1988 View Member Profile	Jul 4 2009, 01:41 AM Post #11
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	Hello Dr. Cox, QUOTE Sorry, it seems like i'm being so akward here but nothing seems to be working! You are not awkward, just the viruses on your computer are awkward. Download RootRepeal.zip and unzip it to your Desktop. Double click RootRepeal.exe to start the program Click on the Report tab at the bottom of the program window Click the Scan button In the Select Scan dialog, check: Drivers Files Processes SSDT Stealth Objects Hidden Services Click the OK button In the next dialog, select all drives showing Click OK to start the scan Note: The scan can take some time. DO NOT* run any other programs while the scan is running* When the scan is complete, the Save Report button will become available Click this and save the report to your Desktop as RootRepeal.txt Go to File, then Exit to close the program If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post Thunderbird1988

Dr. Cox View Member Profile	Jul 4 2009, 09:09 AM Post #12
Member Posts: 26 OS: Vista	Report: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Time: 2009/07/04 16:02 Program Version: Version 1.3.0.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8E9CF000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8E9C4000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9A283000 Size: 49152 File Visible: No Signed: - Status: - Name: UACxvmylbqnbcxkisi.sys Image Path: C:\Windows\system32\drivers\UACxvmylbqnbcxkisi.sys Address: 0x8E801000 Size: 81920 File Visible: - Signed: - Status: Hidden from Windows API! Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\Windows\Prefetch\ROOTREPEAL.EXE-517E342B.pf Status: Visible to the Windows API, but not on disk. Path: C:\Windows\System32\uacinit.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\UACmyeiicusnvwuaet.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\UACpwfxombeippvtpo.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\UACryrerbwqibfktwr.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\UACvugysntfoxrqfpp.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\UACvvpeufduseqmsov.dat Status: Invisible to the Windows API! Path: C:\Windows\Temp\UAC2358.tmp Status: Invisible to the Windows API! Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\System32\drivers\UACxvmylbqnbcxkisi.sys Status: Invisible to the Windows API! Path: C:\Windows\System32\wbem\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\System32\wbem\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\System32\wbem\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\System32\wbem\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b 887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be5\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde48886\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a0199\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_6d8c18ba50aebc1f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_56c42f5e6a510112\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_6d66fd705100c8c0\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Users\Kev\AppData\Local\Temp\UAC6e43.tmp Status: Invisible to the Windows API! Path: C:\Users\Kev\AppData\Roaming\Sports Interactive\Installer Launcher Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Status: Locked to the Windows API! Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.230.gthr Status: Allocation size mismatch (API: 163840, Raw: 135168) Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1312 Status: Locked to the Windows API! Stealth Objects ------------------- Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: wininit.exe (PID: 532) Address: 0x00300000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: wininit.exe (PID: 532) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: services.exe (PID: 580) Address: 0x01850000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: services.exe (PID: 580) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: lsass.exe (PID: 592) Address: 0x00ae0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: lsass.exe (PID: 592) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: lsm.exe (PID: 604) Address: 0x00970000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: lsm.exe (PID: 604) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: winlogon.exe (PID: 704) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: winlogon.exe (PID: 704) Address: 0x008e0000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 792) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 792) Address: 0x00220000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 792) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACryrerbwqibfktwr.dll] Process: svchost.exe (PID: 792) Address: 0x00d90000 Size: 73728 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 792) Address: 0x01cf0000 Size: 45056 Object: Hidden Module [Name: UACpwfxombeippvtpo.dll] Process: svchost.exe (PID: 792) Address: 0x01d90000 Size: 196608 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 792) Address: 0x02110000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 872) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 872) Address: 0x008c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 872) Address: 0x00d20000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1008) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1008) Address: 0x001c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1008) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: nvvsvc.exe (PID: 1024) Address: 0x00dd0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: nvvsvc.exe (PID: 1024) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: MsMpEng.exe (PID: 1060) Address: 0x00ac0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: MsMpEng.exe (PID: 1060) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1140) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1140) Address: 0x00340000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1140) Address: 0x00ce0000 Size: 49152 Object: Hidden Module [Name: RacAgent.exe] Process: svchost.exe (PID: 1140) Address: 0x01080000 Size: 28672 Object: Hidden Module [Name: WinMgmtR.dll] Process: svchost.exe (PID: 1140) Address: 0x01960000 Size: 8192 Object: Hidden Module [Name: winlogon.exe] Process: svchost.exe (PID: 1140) Address: 0x02cf0000 Size: 323584 Object: Hidden Module [Name: winlogon.exe] Process: svchost.exe (PID: 1140) Address: 0x02dd0000 Size: 323584 Object: Hidden Module [Name: WinMgmtR.dll] Process: svchost.exe (PID: 1140) Address: 0x6f970000 Size: 8192 Object: Hidden Module [Name: adtschema.dll] Process: svchost.exe (PID: 1140) Address: 0x69a10000 Size: 606208 Object: Hidden Module [Name: ci.dll] Process: svchost.exe (PID: 1140) Address: 0x32f10000 Size: 913408 Object: Hidden Module [Name: tquery.dll] Process: svchost.exe (PID: 1140) Address: 0x6fbe0000 Size: 1589248 Object: Hidden Module [Name: profsvc.dll] Process: svchost.exe (PID: 1140) Address: 0x739c0000 Size: 163840 Object: Hidden Module [Name: schedsvc.dll] Process: svchost.exe (PID: 1140) Address: 0x744b0000 Size: 606208 Object: Hidden Module [Name: wevtapi.dll] Process: svchost.exe (PID: 1140) Address: 0x754f0000 Size: 258048 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1184) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1184) Address: 0x008c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1184) Address: 0x00ce0000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1220) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1220) Address: 0x00330000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1220) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: SLsvc.exe (PID: 1392) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: SLsvc.exe (PID: 1392) Address: 0x00be0000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1460) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1460) Address: 0x00260000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1460) Address: 0x00ce0000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: rundll32.exe (PID: 1492) Address: 0x00900000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: rundll32.exe (PID: 1492) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: spoolsv.exe (PID: 1844) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: spoolsv.exe (PID: 1844) Address: 0x008b0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 1884) Address: 0x002c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 1884) Address: 0x00ce0000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 1884) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: taskeng.exe (PID: 960) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: taskeng.exe (PID: 960) Address: 0x00550000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: Dwm.exe (PID: 1112) Address: 0x01ff0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: Dwm.exe (PID: 1112) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: Explorer.EXE (PID: 1604) Address: 0x00900000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: Explorer.EXE (PID: 1604) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: taskeng.exe (PID: 2064) Address: 0x009b0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: taskeng.exe (PID: 2064) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: RtHDVCpl.exe (PID: 2100) Address: 0x00b20000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: RtHDVCpl.exe (PID: 2100) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: winssnotify.exe (PID: 2124) Address: 0x007a0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: winssnotify.exe (PID: 2124) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: rundll32.exe (PID: 2196) Address: 0x00a00000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: rundll32.exe (PID: 2196) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: jusched.exe (PID: 2224) Address: 0x015c0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: jusched.exe (PID: 2224) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: iTunesHelper.exe (PID: 2260) Address: 0x00a10000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: iTunesHelper.exe (PID: 2260) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: AppleMobileDeviceService.exe (PID: 2272) Address: 0x00a30000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: AppleMobileDeviceService.exe (PID: 2272) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: guard.exe (PID: 2296) Address: 0x00940000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: guard.exe (PID: 2296) Address: 0x00fa0000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: mDNSResponder.exe (PID: 2332) Address: 0x00af0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: mDNSResponder.exe (PID: 2332) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: avgas.exe (PID: 2340) Address: 0x003c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: avgas.exe (PID: 2340) Address: 0x020c0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 2360) Address: 0x001e0000 Size: 45056 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 2360) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 2360) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: sidebar.exe (PID: 2368) Address: 0x01af0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: sidebar.exe (PID: 2368) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: IDMan.exe (PID: 2428) Address: 0x01d10000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: IDMan.exe (PID: 2428) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: OcHealthMon.exe (PID: 2452) Address: 0x01070000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: OcHealthMon.exe (PID: 2452) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: msnmsgr.exe (PID: 2616) Address: 0x02000000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: msnmsgr.exe (PID: 2616) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 2628) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 2628) Address: 0x002b0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 2628) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 2688) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 2688) Address: 0x00330000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 2688) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: ehtray.exe (PID: 2720) Address: 0x01880000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: ehtray.exe (PID: 2720) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UAC2358.tmpombeippvtpo.dll] Process: svchost.exe (PID: 2744) Address: 0x10000000 Size: 196608 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: svchost.exe (PID: 2744) Address: 0x001c0000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: svchost.exe (PID: 2744) Address: 0x00950000 Size: 49152 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: SearchIndexer.exe (PID: 2840) Address: 0x00ec0000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: SearchIndexer.exe (PID: 2840) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: wmpnscfg.exe (PID: 2900) Address: 0x00540000 Size: 49152 Object: Hidden Module [Name: UACvugysntfoxrqfpp.dll] Process: wmpnscfg.exe (PID: 2900) Address: 0x10000000 Size: 45056 Object: Hidden Module [Name: UACmyeiicusnvwuaet.dll] Process: msfwsvc.exe (PID: 2932) Address: 0x009f0000Hidden Services ------------------- Service Name: UACd.sys Image Path: C:\Windows\system32\drivers\UACxvmylbqnbcxkisi.sys ==EOF==

Thunderbird1988 View Member Profile	Jul 4 2009, 10:09 AM Post #13
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	hello Dr. Cox, 1. Please download The Avenger by Swandog46 to your Desktop. Right click on the Avenger.zip folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop 2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C): CODE Begin copying here: Drivers to delete: UACd.sys Files to delete: C:\Windows\system32\drivers\UACxvmylbqnbcxkisi.sys C:\Windows\System32\uacinit.dll C:\Windows\System32\UACmyeiicusnvwuaet.dll C:\Windows\System32\UACpwfxombeippvtpo.dll C:\Windows\System32\UACryrerbwqibfktwr.dll C:\Windows\System32\UACvugysntfoxrqfpp.dll C:\Windows\System32\UACvvpeufduseqmsov.dat C:\Windows\Temp\UAC2358.tmp Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. 3. Now, open the avenger folder and start The Avenger program by clicking on its icon. Right click on the window under Input script here:, and select Paste. You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard. Click on Execute Answer "Yes" twice when prompted. 4. The Avenger will automatically do the following: It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.) After the restart, it creates a log file that should open with the results of Avenger�s actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. After that, please try if MBAM works, and post a new log of OTL. Thunderbird1988

Dr. Cox View Member Profile	Jul 4 2009, 10:58 AM Post #14
Member Posts: 26 OS: Vista	Used the Avenger but i don't think everything worked - the log from avenger is below a bit. Anti-Malware still had the same problem failing to run. New log from OTL is below the Avenger one. Avenger log: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Driver "UACd.sys" deleted successfully. Error: could not open file "C:\Windows\system32\drivers\UACxvmylbqnbcxkisi.sys" Deletion of file "C:\Windows\system32\drivers\UACxvmylbqnbcxkisi.sys" failed! Status: 0xc0000043 (STATUS_SHARING_VIOLATION) Error: could not delete file "C:\Windows\System32\uacinit.dll" Deletion of file "C:\Windows\System32\uacinit.dll" failed! Status: 0xc0000156 Error: could not delete file "C:\Windows\System32\UACmyeiicusnvwuaet.dll" Deletion of file "C:\Windows\System32\UACmyeiicusnvwuaet.dll" failed! Status: 0xc0000156 Error: could not delete file "C:\Windows\System32\UACpwfxombeippvtpo.dll" Deletion of file "C:\Windows\System32\UACpwfxombeippvtpo.dll" failed! Status: 0xc0000156 Error: could not open file "C:\Windows\System32\UACryrerbwqibfktwr.dll" Deletion of file "C:\Windows\System32\UACryrerbwqibfktwr.dll" failed! Status: 0xc0000043 (STATUS_SHARING_VIOLATION) Error: could not delete file "C:\Windows\System32\UACvugysntfoxrqfpp.dll" Deletion of file "C:\Windows\System32\UACvugysntfoxrqfpp.dll" failed! Status: 0xc0000156 Error: could not delete file "C:\Windows\System32\UACvvpeufduseqmsov.dat" Deletion of file "C:\Windows\System32\UACvvpeufduseqmsov.dat" failed! Status: 0xc0000156 Error: file "C:\Windows\Temp\UAC2358.tmp" not found! Deletion of file "C:\Windows\Temp\UAC2358.tmp" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ***************** Finished! Terminate. OTL Log: OTL logfile created on: 04/07/2009 17:55:39 - Run 2 OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Kev\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory \| 1.77 Gb Available Physical Memory \| 88.69% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 458.92 Gb Total Space \| 352.17 Gb Free Space \| 76.74% Space Free \| Partition Type: NTFS Drive D: \| 465.76 Gb Total Space \| 179.46 Gb Free Space \| 38.53% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KEV-PC Current User Name: Kev Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.) PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) PRC - C:\Users\Kev\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AVG Anti-Spyware Guard [Auto \| Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Irmon [Auto \| Running]) -- C:\Windows\System32\irmon.dll (Microsoft Corporation) SRV - (msfwsvc [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (nvsvc [Auto \| Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (OcHealthMon [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) SRV - (OneCareMP [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) SRV - (RichVideo [Auto \| Stopped]) -- File not found SRV - (rpcapd [On_Demand \| Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (usnjsvc [On_Demand \| Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (WinDefend [Auto \| Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (winss [Auto \| Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) SRV - (WLSetupSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (3xHybrid [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (adp94xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (AVG Anti-Spyware Driver [System \| Running]) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys () DRV - (AvgAsCln [System \| Running]) -- C:\Windows\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (cmdide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (elxstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HpCISSs [Disabled \| Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (iaStorV [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (iirsp [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (IntcAzAudAddService [On_Demand \| Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (irsir [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\irsir.sys (Microsoft Corporation) DRV - (iteatapi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (megasas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (MpFilter [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\MpFilter.sys (Microsoft Corporation) DRV - (Mraid35x [Disabled \| Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (MSFWDrv [Auto \| Running]) -- C:\Windows\System32\DRIVERS\msfwdrv.sys (Microsoft Corporation) DRV - (MSFWHLPR [System \| Running]) -- C:\Windows\System32\DRIVERS\msfwhlpr.sys (Microsoft Corporation) DRV - (nfrd960 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (NPF [On_Demand \| Stopped]) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (ntrigdigi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (nvlddmkm [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pcouffin [On_Demand \| Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software) DRV - (pjfav [Unknown \| Running]) -- Service key not found. File not found DRV - (PxHelp20 [Boot \| Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (PzWDM [Boot \| Running]) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology) DRV - (ql2300 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (RTL8169 [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation ) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (Symc8xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (uliahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (UsbFltr [On_Demand \| Running]) -- C:\Windows\System32\Drivers\UsbFltr.sys (Waytech Development, Inc.) DRV - (viaide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto \| Running]) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.co.uk" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.2 FF - prefs.js..extensions.enabledItems: FindInTabs@mishac.com:0.4.0.3 FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.8 FF - prefs.js..extensions.enabledItems: {10187899-7ffe-4f9a-b9d2-35fdb3b49690}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.5 FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.11 FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.6 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.0.8 FF - prefs.js..extensions.enabledItems: thumbnailexpander@extensions.danwendorf.com:1.0 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/06 03:06:19 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/22 19:55:07 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/17 19:00:28 \| 00,000,000 \| ---D \| M] [2008/10/31 16:57:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions [2008/10/31 16:57:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/07/04 16:37:59 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions [2009/06/01 00:02:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2008/11/11 23:15:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690} [2009/03/25 02:44:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2008/10/31 17:02:50 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A} [2009/04/30 12:23:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} [2009/06/13 19:35:38 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2009/04/04 10:54:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}(18) [2009/07/01 02:29:40 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/04/17 14:46:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/05/05 12:39:52 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\FindInTabs@mishac.com [2009/05/04 02:46:43 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\foxmarks@kei.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com\chrome [2009/02/19 12:27:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\1jl9dx14.default\extensions\thumbnailexpander@extensions.danwendorf.com\defaults [2008/12/01 21:31:06 \| 00,006,010 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\allmusic.xml [2008/11/13 22:27:24 \| 00,001,922 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\hmv-search.xml [2008/10/31 23:48:24 \| 00,001,504 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\imdb.xml [2008/11/05 01:01:57 \| 00,001,826 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\lyricwiki-english.xml [2009/06/29 02:23:30 \| 00,002,431 \| ---- \| M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\FireFox\Profiles\1jl9dx14.default\searchplugins\youtube.xml [2009/07/04 16:37:59 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/13 15:06:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 15:22:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/03/27 15:18:07 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/13 15:06:47 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/13 15:06:47 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009/03/09 06:19:09 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/06/13 15:06:48 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/17 19:00:27 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/01/04 16:36:50 \| 00,001,538 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2006/07/05 19:47:38 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008/01/04 16:36:50 \| 00,000,947 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2008/03/08 10:35:22 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/11/15 05:12:26 \| 00,000,759 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2008/08/17 19:51:12 \| 00,004,849 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\F365.xml [2008/04/16 05:08:20 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/03/28 19:11:14 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2008/01/04 16:36:50 \| 00,000,831 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (WinInet Class) - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\Windows\ieocx.dll () O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [sysav] C:\Users\Kev\AppData\Roaming\pcdefender.exe (Antivirus Software) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\Users\Kev\AppData\Roaming\.tmp files] [2009/07/04 17:33:16 \| 00,000,000 \| ---D \| C] -- C:\Avenger [2009/07/04 16:30:34 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\2009-07-02 - Barcelona [2009/07/04 01:32:52 \| 00,001,625 \| ---- \| C] () -- C:\Users\Kev\Desktop\WinPC Defender.LNK [2009/07/04 01:25:49 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Roaming\SUPERAntiSpyware.com [2009/07/04 01:25:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/07/03 20:15:41 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/07/03 03:46:55 \| 01,697,975 \| -H-- \| C] () -- C:\Users\Kev\AppData\Local\IconCache.db [2009/07/03 02:24:56 \| 00,000,823 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 02:24:53 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/07/03 02:24:51 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/07/03 02:24:51 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/07/03 02:24:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/03 01:05:14 \| 32,172,35968 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/03 01:01:16 \| 00,000,680 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\d3d9caps.dat [2009/07/03 01:00:07 \| 00,000,000 \| ---D \| C] -- C:\Windows\Minidump [2009/07/03 00:59:46 \| 20,709,1445 \| ---- \| C] () -- C:\Windows\MEMORY.DMP [2009/07/03 00:58:31 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Enigma Software Group [2009/07/02 22:34:15 \| 00,812,344 \| ---- \| C] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HJTInstall.exe [2009/07/02 22:20:03 \| 03,561,752 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup.com.exe [2009/07/02 21:32:00 \| 00,113,842 \| ---- \| C] () -- C:\Users\Kev\Documents\cc_20090702_213157.reg [2009/07/02 21:26:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2009/07/02 20:56:42 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Roaming\Grisoft [2009/07/02 20:56:25 \| 00,010,872 \| ---- \| C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgAsCln.sys [2009/07/02 20:56:25 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Grisoft [2009/07/02 20:56:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Grisoft [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| C] () -- C:\MSDOS.SYS [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| C] () -- C:\IO.SYS [2009/07/02 19:24:53 \| 00,237,568 \| ---- \| C] () -- C:\Windows\System32\rmc_rtspdl.dll [2009/07/02 19:24:53 \| 00,156,672 \| ---- \| C] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe [2009/07/02 19:24:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Documents\My Recordings [2009/07/02 19:24:17 \| 00,028,672 \| ---- \| C] () -- C:\Windows\ieocx.dll [2009/07/02 19:22:50 \| 00,323,584 \| ---- \| C] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL [2009/07/02 19:22:15 \| 00,000,000 \| ---D \| C] -- C:\Windows\Replay Media Catcher [2009/07/02 19:22:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Replay Media Catcher [2009/07/02 19:06:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinPcap [2009/07/02 19:01:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WMR11 [2009/07/02 18:06:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\Brilliant Things [2009/07/02 16:53:39 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Roaming\Thinstall [2009/07/02 16:53:39 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\Thinstall [2009/07/01 11:45:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\2009-06-30 - Barcelona, Spain - Camp Nou [2009/07/01 10:40:14 \| 00,041,906 \| ---- \| C] () -- C:\Users\Kev\Desktop\14988676.jpg [2009/07/01 01:23:47 \| 13,160,6567 \| ---- \| C] () -- C:\Users\Kev\Desktop\Sutton Impact.mp4 [2009/06/30 23:27:16 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\iPhone June 09 [2009/06/29 17:36:52 \| 00,000,000 \| ---D \| C] -- C:\Notebook [2009/06/29 17:32:14 \| 00,000,000 \| ---D \| C] -- C:\Drag Me To [bleep] [2009/06/28 22:22:03 \| 00,051,255 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\Failed Copy [2009/06/28 22:04:20 \| 00,001,232 \| ---- \| C] () -- C:\Users\Kev\AppData\Local\iTunesPrefs [2009/06/28 22:04:20 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\tcbackup [2009/06/26 22:10:36 \| 61,834,061 \| ---- \| C] () -- C:\Users\Kev\Desktop\CBCR3_2009-06-26.mp3 [2009/06/18 02:54:32 \| 00,089,328 \| -H-- \| C] () -- C:\Windows\System32\mlfcache.dat [2009/06/17 21:29:16 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Desktop\Hours [2009/06/17 19:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Safari [2009/06/17 19:03:14 \| 00,107,368 \| ---- \| C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2009/06/17 19:03:14 \| 00,023,400 \| ---- \| C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [2009/06/17 19:02:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/06/17 19:02:53 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/06/17 19:01:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Bonjour [2009/06/17 18:59:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\QuickTime [2009/06/17 18:57:10 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/06/14 19:26:10 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/06/14 19:26:10 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/06/14 19:26:10 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/06/14 19:26:09 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/06/14 19:26:09 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/06/10 23:44:37 \| 24,811,907 \| ---- \| C] () -- C:\Users\Kev\Desktop\theroad_h.640.mov [2009/06/10 19:46:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\Documents\IdealDVD2AVI [2009/06/10 19:46:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Kev\AppData\Local\IdealSoftware [2009/06/10 19:46:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\IdealDVD2AVI [2009/06/10 18:45:04 \| 02,033,152 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009/06/10 18:45:03 \| 00,636,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2009/06/10 18:45:01 \| 00,784,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll [2009/06/10 18:44:57 \| 03,581,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/06/10 18:44:55 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/06/10 18:44:55 \| 01,166,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/06/10 18:44:54 \| 00,827,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/06/10 18:44:54 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/06/10 18:44:54 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/06/10 18:44:54 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/06/10 18:44:53 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/06/10 18:44:53 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/06/10 18:44:53 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/06/10 18:44:53 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/06/10 18:44:53 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/06/10 18:44:52 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/06/10 18:44:51 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/06/10 18:44:51 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/06/05 11:42:38 \| 02,060,288 \| ---- \| C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| C] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys [2009/03/20 10:37:06 \| 00,000,118 \| ---- \| C] () -- C:\Windows\System32\MRT.INI [2009/01/31 19:06:11 \| 00,000,079 \| ---- \| C] () -- C:\Windows\AceDVDAudioExtractor.ini [2008/09/19 22:57:34 \| 03,596,288 \| ---- \| C] () -- C:\Windows\System32\qt-dx331.dll [2008/09/19 22:55:10 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/09/19 22:55:10 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dpl100.dll.manifest [2008/09/19 22:54:18 \| 00,012,288 \| ---- \| C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008/09/09 00:08:58 \| 00,009,760 \| ---- \| C] () -- C:\Windows\System32\34CoInstaller.dll [2008/09/08 17:19:13 \| 00,001,324 \| ---- \| C] () -- C:\Windows\TVP3XDrv.ini [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/06/11 09:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/06/11 09:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/06/05 08:58:26 \| 00,197,912 \| ---- \| C] () -- C:\Windows\System32\physxcudart_20.dll [2007/01/25 18:31:36 \| 00,053,299 \| ---- \| C] () -- C:\Windows\System32\pthreadVC.dll [2006/11/02 13:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 11:23:31 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 08:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini ========== Files - Modified Within 30 Days ========== [1 C:\Users\Kev\AppData\Roaming\.tmp files] [2009/07/04 17:44:21 \| 00,000,521 \| ---- \| M] () -- C:\Users\Kev\Documents\My Sharing Folders.lnk [2009/07/04 17:43:43 \| 00,001,625 \| ---- \| M] () -- C:\Users\Kev\Desktop\WinPC Defender.LNK [2009/07/04 17:37:38 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/07/04 17:37:38 \| 00,599,942 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/07/04 17:37:38 \| 00,105,448 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/07/04 17:33:19 \| 00,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/07/04 17:33:19 \| 00,003,664 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/07/04 17:33:17 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/07/04 17:33:12 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/07/04 17:33:08 \| 32,172,35968 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/04 17:29:42 \| 00,000,012 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009/07/04 17:29:38 \| 01,697,975 \| -H-- \| M] () -- C:\Users\Kev\AppData\Local\IconCache.db [2009/07/04 17:07:00 \| 00,000,270 \| ---- \| M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job [2009/07/04 16:37:49 \| 00,134,144 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/04 14:50:24 \| 00,000,414 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4D33FA7D-F983-42F3-B525-344510B57AA7}.job [2009/07/04 01:27:24 \| 20,709,1445 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2009/07/03 02:24:56 \| 00,000,823 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 01:02:02 \| 00,000,680 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\d3d9caps.dat [2009/07/02 22:34:17 \| 00,812,344 \| ---- \| M] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HJTInstall.exe [2009/07/02 22:20:06 \| 03,561,752 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup.com.exe [2009/07/02 21:32:11 \| 00,113,842 \| ---- \| M] () -- C:\Users\Kev\Documents\cc_20090702_213157.reg [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| M] () -- C:\MSDOS.SYS [2009/07/02 19:29:11 \| 00,000,000 \| RHS- \| M] () -- C:\IO.SYS [2009/07/02 19:24:53 \| 00,237,568 \| ---- \| M] () -- C:\Windows\System32\rmc_rtspdl.dll [2009/07/02 19:24:53 \| 00,156,672 \| ---- \| M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe [2009/07/02 19:24:17 \| 00,028,672 \| ---- \| M] () -- C:\Windows\ieocx.dll [2009/07/02 19:22:50 \| 00,323,584 \| ---- \| M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL [2009/07/01 10:40:15 \| 00,041,906 \| ---- \| M] () -- C:\Users\Kev\Desktop\14988676.jpg [2009/07/01 01:47:46 \| 00,000,008 \| -HS- \| M] () -- C:\Users\Kev\AppData\Local\systemCurUses [2009/06/28 22:22:03 \| 00,051,255 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\Failed Copy [2009/06/28 22:04:21 \| 00,001,232 \| ---- \| M] () -- C:\Users\Kev\AppData\Local\iTunesPrefs [2009/06/26 22:11:10 \| 61,834,061 \| ---- \| M] () -- C:\Users\Kev\Desktop\CBCR3_2009-06-26.mp3 [2009/06/18 02:54:32 \| 00,089,328 \| -H-- \| M] () -- C:\Windows\System32\mlfcache.dat [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/06/11 03:15:22 \| 00,230,120 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/06/10 23:44:39 \| 24,811,907 \| ---- \| M] () -- C:\Users\Kev\Desktop\theroad_h.640.mov [2009/06/05 11:42:38 \| 02,060,288 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys < End of report >

Thunderbird1988 View Member Profile	Jul 4 2009, 11:20 AM Post #15
Trusted Helper Posts: 1,844 From: The Netherlands OS: Windows XP/Vista Dualboot	Hello Dr. Cox, Please delete your copy of Combofix and do the following: Download Combofix from any of the links below. You must rename it to Thunderbird1988.exe before saving it. Save it to your desktop. ------------------------------------------------------------ Double click on Thunderbird1988.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help with Identifing a virus [CLOSED]	5 / 258	22nd August 2008 - 06:44 PM quix034 started - last by andrewuk
Virus, Spyware and Trojan Removal Need Help With Malware/Virus Removal	0 / 202	10th November 2008 - 10:45 PM lsu07 started - last by lsu07
Virus, Spyware and Trojan Removal Hijack This Log - Please help with Malware problem [Closed]	9 / 501	26th January 2009 - 09:34 AM JorgeH started - last by Rorschach112
Virus, Spyware and Trojan Removal Help with some virus [Closed]	6 / 148	15th July 2009 - 04:44 PM aryfkogel started - last by Rorschach112