Google is blocked on IE8 and Firefox 3.6.3.


#1 transigo (New Member, 5 posts)
Very strange. About 3 days ago, both browsers stopped connecting to Google.com or Google.com.au. This includes using Google as a home page, direct URL typing or via search bar. Bing works slowly and intermittently as does Yahoo. This has happened on two computers going via a single router. This post relates to the Win7 x64 as this is used for the important stuff.

MBAM found and removed Funweb but the problem is still there after reboot. Paid AVG runs each morning but has failed to detect anything.
Ad-Aware didn't find anything. I've checked my router and firewall but can't see any changes.


Logs:

GMER: No log - says "C\windows\system32\config\system - the system cannot find the file specified" on starting the program. Then when I click Scan it says 'C\windows\system32\config\system - the process cannot access the file because it is being used by another process'. Then the scan starts and appears to run and says no system modifications have been detected.

------------------------------------

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4096

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13/05/2010 9:41:38 PM
mbam-log-2010-05-13 (21-41-38).txt

Scan type: Quick scan
Objects scanned: 127491
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-------------------------------------------------------------------

OTL:

OTL logfile created on: 5/13/2010 9:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MBC\Downloads\Malware Removal Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 907.57 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 387.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 61.82 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MBC-PC
Current User Name: MBC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/13 21:55:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MBC\Downloads\Malware Removal Tools\OTL.exe
PRC - [2010/04/20 09:19:09 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 22:57:56 | 000,554,640 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\bgtrans.exe
PRC - [2010/04/01 22:57:54 | 000,214,672 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
PRC - [2010/04/01 22:57:54 | 000,149,136 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2010/04/01 22:57:52 | 001,164,944 | ---- | M] () -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserver.exe
PRC - [2010/03/05 07:15:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 07:15:12 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/02/10 18:20:00 | 001,363,456 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2010/01/27 10:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/09/24 22:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/13 21:55:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MBC\Downloads\Malware Removal Tools\OTL.exe
MOD - [2009/07/14 11:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/27 20:44:05 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/09/24 08:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 11:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 11:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 11:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 11:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 11:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 11:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 11:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 11:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 11:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 11:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 11:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 11:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 11:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 11:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 11:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 11:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 11:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 11:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 11:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/12 19:19:27 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 19:43:28 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 22:57:54 | 000,149,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2010/03/13 04:33:04 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/05 07:15:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/24 22:29:06 | 000,070,144 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe -- (Foxtel)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 13:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 06:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/11 06:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008/04/10 13:49:10 | 000,018,944 | ---- | M] (CL) [Auto | Running] -- C:\Program Files (x86)\SteamWatch\SteamWatch.exe -- (SteamWatch)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/20 09:19:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/03/05 07:15:16 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/05 07:15:13 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/03/05 07:15:13 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/02/05 01:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 20:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/24 09:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 11:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 11:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 11:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 11:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 11:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 11:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 11:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 11:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 11:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 10:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 10:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 10:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 10:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 10:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 10:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 10:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 10:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 10:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 10:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/14 10:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 10:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 10:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 10:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 10:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 10:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 09:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 09:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 09:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 09:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 09:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 09:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 09:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 09:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 09:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 09:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/11 06:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/27 09:55:32 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 11:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 07:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 07:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 6D 2F 19 79 3E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/20 12:18:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/24 16:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/26 07:00:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/30 19:24:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/04/30 19:24:44 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Mozilla\Extensions
[2010/04/30 19:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MBC\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/31 07:34:59 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Mozilla\Firefox\Profiles\zukge6or.default\extensions
[2010/04/20 12:18:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/20 12:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/12 19:17:26 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 19:17:26 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 19:17:26 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 19:17:26 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Playlist - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: TwonkyBeam to - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: TwonkyBeam to - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: TwonkyBeam - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f3f6ece-af99-11de-a8b7-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{3f3f6ece-af99-11de-a8b7-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{43ffb729-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb729-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb789-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb789-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb79d-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb79d-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7a1-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7a1-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7c0-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7c0-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7c4-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7c4-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7e4-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7e4-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7e9-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7e9-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7f5-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7f5-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{43ffb7f9-395a-11df-9249-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{43ffb7f9-395a-11df-9249-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96c0b913-3d65-11df-ac6c-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{96c0b913-3d65-11df-ac6c-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96c0b917-3d65-11df-ac6c-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{96c0b917-3d65-11df-ac6c-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{caec0a83-3d68-11df-8574-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{caec0a83-3d68-11df-8574-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{caec0a86-3d68-11df-8574-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{caec0a86-3d68-11df-8574-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d8d0cd1c-3d29-11df-a8bd-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d0cd1c-3d29-11df-a8bd-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f624c2eb-393e-11df-bf20-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{f624c2eb-393e-11df-bf20-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f624c2f0-393e-11df-bf20-00241d1e0a2f}\Shell - "" = AutoRun
O33 - MountPoints2\{f624c2f0-393e-11df-bf20-00241d1e0a2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 13:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/13 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Malwarebytes
[2010/05/13 21:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/13 21:36:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/13 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/13 21:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/13 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/13 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/12 19:20:14 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/12 19:17:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/06 20:16:18 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\TrueCrypt
[2010/05/06 20:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010/05/06 20:14:57 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/05/06 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt
[2010/05/06 20:02:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/03 15:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyMedia
[2010/05/02 18:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacketVideo
[2010/05/02 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\twonkymedia-server-uploaded-data
[2010/05/02 18:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TwonkyMedia
[2010/05/01 13:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/01 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/01 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/01 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/01 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/30 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\downloads
[2010/04/30 21:25:51 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\sabnzbd
[2010/04/30 21:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2010/04/30 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Thunderbird
[2010/04/30 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Thunderbird
[2010/04/30 19:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/04/25 16:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/25 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/24 16:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/24 16:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/23 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\DA_CharGenMorphCompiler
[2010/04/17 06:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/17 06:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/08 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Conceiva
[2010/04/03 18:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/01 17:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Huawei technologies
[2010/04/01 17:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/03/27 20:44:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/27 20:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/03/27 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optus Wireless Broadband
[2010/03/19 19:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/03/13 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/03/13 14:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/03/13 14:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2010/03/13 14:01:36 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Local\Downloaded Installations
[2010/03/13 14:01:31 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/03/12 18:33:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/09 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/03/05 07:15:16 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/04 17:56:21 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Leadertech
[2010/02/21 14:23:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/02/17 22:02:54 | 000,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU
[2010/02/17 22:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010/02/16 18:37:07 | 000,000,000 | ---D | C] -- C:\Users\MBC\AppData\Roaming\Dragon Age Toolset
[2010/02/16 17:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/02/16 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/02/16 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAODB
[2010/02/15 08:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/02/14 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\MBC\Desktop\7-Zip
[2010/02/14 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\MBC\Documents\DAModder

========== Files - Modified Within 90 Days ==========

[2010/05/13 21:58:19 | 002,621,440 | -HS- | M] () -- C:\Users\MBC\ntuser.dat
[2010/05/13 21:50:26 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 21:50:26 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 21:43:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 21:43:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 21:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 21:43:06 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 21:41:50 | 010,477,958 | -H-- | M] () -- C:\Users\MBC\AppData\Local\IconCache.db
[2010/05/13 21:36:56 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 21:33:31 | 000,000,936 | ---- | M] () -- C:\Users\MBC\Desktop\NTREGOPT.lnk
[2010/05/13 21:33:31 | 000,000,917 | ---- | M] () -- C:\Users\MBC\Desktop\ERUNT.lnk
[2010/05/13 21:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 21:01:42 | 000,271,360 | ---- | M] () -- C:\Users\MBC\Documents\INBOX.pst
[2010/05/13 20:50:01 | 000,000,000 | ---- | M] () -- C:\Users\MBC\AppData\Local\prvlcl.dat
[2010/05/13 20:38:42 | 059,932,514 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/13 20:10:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/13 20:10:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/12 20:22:15 | 000,007,675 | ---- | M] () -- C:\Users\MBC\AppData\Local\Resmon.ResmonCfg
[2010/05/12 19:20:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/12 19:20:06 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/12 19:17:16 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 18:49:54 | 000,779,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/11 18:49:54 | 000,665,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/11 18:49:54 | 000,125,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/09 07:18:28 | 000,170,436 | ---- | M] () -- C:\Users\MBC\Desktop\mothersdaycd1.jpg
[2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010/05/03 15:19:09 | 000,001,133 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyMedia Tray Control.lnk
[2010/05/02 18:18:49 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\TwonkyMedia Manager.lnk
[2010/05/02 18:18:06 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv5
[2010/05/02 13:35:23 | 000,162,816 | ---- | M] () -- C:\Users\MBC\Documents\Laura's party.doc
[2010/05/02 06:59:21 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2010/05/01 13:02:11 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 21:25:43 | 000,001,003 | ---- | M] () -- C:\Users\MBC\Desktop\SABnzbd.lnk
[2010/04/30 19:24:38 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 22:27:19 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 22:27:19 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 22:27:19 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/24 16:00:40 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 19:37:50 | 000,360,308 | ---- | M] () -- C:\Users\MBC\Desktop\billion7404-set-up-guide-update-feb09.pdf
[2010/04/20 12:45:01 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:45:01 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TM.blf
[2010/04/20 12:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TM.blf
[2010/04/20 11:05:31 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/20 09:19:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/17 13:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/17 13:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 13:22:50 | 000,065,536 | -HS- | M] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TM.blf
[2010/04/08 19:32:39 | 000,001,794 | ---- | M] () -- C:\Users\MBC\Desktop\Mezzmo.lnk
[2010/04/08 14:26:30 | 000,025,088 | ---- | M] () -- C:\Users\MBC\Documents\fan fict.doc
[2010/04/06 16:34:42 | 000,004,096 | -H-- | M] () -- C:\Users\MBC\AppData\Local\keyfile3.drm
[2010/04/03 17:42:19 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/04/01 17:53:13 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Connect.lnk
[2010/03/27 20:16:22 | 000,284,832 | ---- | M] () -- C:\Users\MBC\Documents\bookmarks.html
[2010/03/19 10:53:26 | 000,001,885 | ---- | M] () -- C:\Users\MBC\Desktop\Dragon Age Origins - Awakening.lnk
[2010/03/18 19:17:11 | 000,001,510 | ---- | M] () -- C:\Users\MBC\Desktop\SteamWatchTray - Shortcut.lnk
[2010/03/14 14:27:09 | 000,001,648 | ---- | M] () -- C:\Users\MBC\Desktop\RealTemp - Shortcut.lnk
[2010/03/12 18:39:05 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010/03/12 18:33:43 | 264,453,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/05 07:15:16 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/05 07:15:16 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/05 07:15:13 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/05 07:15:13 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/02/17 22:02:27 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/13 15:39:12 | 000,001,351 | ---- | M] () -- C:\Users\MBC\Desktop\Sticky Notes.lnk

========== Files Created - No Company Name ==========

[2010/05/13 21:36:56 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 21:33:31 | 000,000,936 | ---- | C] () -- C:\Users\MBC\Desktop\NTREGOPT.lnk
[2010/05/13 21:33:31 | 000,000,917 | ---- | C] () -- C:\Users\MBC\Desktop\ERUNT.lnk
[2010/05/12 19:17:16 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/12 19:15:17 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/09 07:18:52 | 000,170,436 | ---- | C] () -- C:\Users\MBC\Desktop\mothersdaycd1.jpg
[2010/05/03 15:19:09 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyMedia Tray Control.lnk
[2010/05/02 18:18:49 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\TwonkyMedia Manager.lnk
[2010/05/02 18:18:06 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2010/05/02 13:35:23 | 000,162,816 | ---- | C] () -- C:\Users\MBC\Documents\Laura's party.doc
[2010/05/01 13:02:11 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 21:25:43 | 000,001,003 | ---- | C] () -- C:\Users\MBC\Desktop\SABnzbd.lnk
[2010/04/30 19:24:38 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 06:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 06:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 06:19:46 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{36454236-5303-11df-ad94-00241d1e0a2f}.TM.blf
[2010/04/25 16:59:47 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 16:59:46 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:00:40 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 19:37:50 | 000,360,308 | ---- | C] () -- C:\Users\MBC\Desktop\billion7404-set-up-guide-update-feb09.pdf
[2010/04/20 12:20:48 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:20:48 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:20:48 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{97915573-4c21-11df-a23e-00241d1e0a2f}.TM.blf
[2010/04/20 12:08:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 12:08:49 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 12:08:49 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{ff8f6e37-4c18-11df-a92c-00241d1e0a2f}.TM.blf
[2010/04/18 15:49:20 | 736,210,942 | ---- | C] () -- C:\Users\MBC\Desktop\Cars.avi
[2010/04/17 06:45:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/17 06:45:50 | 000,524,288 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 06:45:50 | 000,065,536 | -HS- | C] () -- C:\Users\MBC\ntuser.dat{f266ad16-4998-11df-9827-00241d1e0a2f}.TM.blf
[2010/04/08 19:32:39 | 000,001,794 | ---- | C] () -- C:\Users\MBC\Desktop\Mezzmo.lnk
[2010/04/08 18:40:41 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2010/04/08 14:21:00 | 000,025,088 | ---- | C] () -- C:\Users\MBC\Documents\fan fict.doc
[2010/04/06 16:34:42 | 000,004,096 | -H-- | C] () -- C:\Users\MBC\AppData\Local\keyfile3.drm
[2010/04/03 17:42:19 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/04/01 17:53:13 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Connect.lnk
[2010/03/27 20:16:22 | 000,284,832 | ---- | C] () -- C:\Users\MBC\Documents\bookmarks.html
[2010/03/19 10:53:26 | 000,001,885 | ---- | C] () -- C:\Users\MBC\Desktop\Dragon Age Origins - Awakening.lnk
[2010/03/18 19:17:11 | 000,001,510 | ---- | C] () -- C:\Users\MBC\Desktop\SteamWatchTray - Shortcut.lnk
[2010/03/14 14:27:09 | 000,001,648 | ---- | C] () -- C:\Users\MBC\Desktop\RealTemp - Shortcut.lnk
[2010/03/12 18:33:43 | 264,453,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/09 17:59:10 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/02 18:08:01 | 000,000,000 | ---- | C] () -- C:\Users\MBC\AppData\Local\prvlcl.dat
[2010/02/16 17:06:54 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/13 15:39:12 | 000,001,351 | ---- | C] () -- C:\Users\MBC\Desktop\Sticky Notes.lnk
[2009/09/26 21:24:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2009/11/22 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\AVG9
[2010/02/16 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Dragon Age Toolset
[2010/03/23 14:00:34 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Internode
[2010/03/04 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Leadertech
[2009/11/22 21:32:38 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\PMS
[2010/04/30 19:24:43 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\Thunderbird
[2010/05/06 20:18:57 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\TrueCrypt
[2010/04/25 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\MBC\AppData\Roaming\uTorrent
[2010/03/27 06:17:12 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/13 21:43:05 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2010/05/13 21:43:06 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/13 21:43:06 | 2145,705,983 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 11:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 11:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
[2010/05/06 20:14:57 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWOW64\drivers\truecrypt.sys
< End of report >

Extras:

OTL Extras logfile created on: 5/13/2010 9:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MBC\Downloads\Malware Removal Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.16 Gb Total Space | 907.57 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 387.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 61.82 Mb Free Space | 61.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MBC-PC
Current User Name: MBC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java™ 6 Update 19 (64-bit)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{208232B9-98B0-40CD-96B5-1362534D3830}" = Cashflow Manager 7.1.0.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6FC943-504B-46DB-A53A-132EDFF4899D}" = Foxtel Download Manager 4.1.500.11
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F62F54-9CF5-480A-9BB4-2087B90A7A6B}_is1" = SteamWatch
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"Common-Use Signing Interface" = Common-Use Signing Interface
"ERUNT_is1" = ERUNT 1.1j
"FOXTEL Download Player" = FOXTEL Download Player
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.1a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Picasa 3" = Picasa 3
"SABnzbd" = SABnzbd (remove only)
"Steam App 17450" = Dragon Age: Origins
"Steam App 17460" = Mass Effect
"Steam App 47730" = Dragon Age: Origins - Awakening
"TrueCrypt" = TrueCrypt
"TwonkyBeam" = TwonkyBeam
"TwonkyMedia Manager" = TwonkyMedia Manager
"TwonkyMediaTwonkyMedia" = TwonkyMedia
"VLC media player" = VLC media player 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks in advance.


#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Nothing obvious on your Win7 but I don't trust OTL to be able to read it completely especially with a 64bit system.

If you open IE and type in one of these numbers:

74.125.53.106
74.125.53.147
74.125.53.99
74.125.53.103
74.125.53.104
then hit Enter. Does it go to google.com?

Could be your router's DNS has been compromised.

Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator to bring up a Command window. Type with an Enter after each line in the code box (I use double spaces to show where a single space goes):

nslookup  google.com

(Does it give you a list similar to above?  Doesn't have to be all the same numbers. If not try: )

nslookup

server  4.2.2.1

google.com

(Does this work?  If so, reset your router to factory defaults - if you are using wireless you will need to go back in and put in your encryption)

exit

cd  \windows\system32\drivers\etc\


attrib  -r  -h  -s hosts

type  hosts

(Do you see:

# Copyright (c) 1993-2006 Microsoft Corp.
#
...
#	  102.54.94.97	 rhino.acme.com		  # source server
#	   38.25.63.10	 x.acme.com			  # x client host

127.0.0.1	   localhost
::1			 localhost
 
If you see any reference to google in the output then:


notepad  hosts

(and delete everything (# lines are comments and can be ignored) but:

127.0.0.1	   localhost
::1			 localhost

Then File, Save.)

route  print

(At the bottom it should say:

Persistent Routes:
  None

Does it?)


Ron
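Ron's checks from the post above (compare what the router's resolver returns against a known-good resolver such as 4.2.2.1, and look for anything in hosts beyond the two localhost lines) as an added Python example; this is not code from the thread or from Ron. The hosts text and nslookup output are constructed samples in the layout quoted above, 203.0.113.7 is a placeholder address, and the parser assumes the first address in nslookup output is the server's.

```python
import ipaddress
import re

# Constructed sample inputs (not the poster's real files or nslookup output), modelled
# on what Ron asks to be checked: the hosts file, and the router's resolver vs 4.2.2.1.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
203.0.113.7     google.com  www.google.com      # planted redirect (constructed)
"""
CONFIGURED_NSLOOKUP = ("Server:  UnKnown\nAddress:  192.168.1.1\n\n"
                       "Non-authoritative answer:\nName:    google.com\n"
                       "Address:  203.0.113.7\n")
REFERENCE_NSLOOKUP = ("Server:  UnKnown\nAddress:  4.2.2.1\n\n"
                      "Non-authoritative answer:\nName:    google.com\n"
                      "Addresses:  74.125.155.106, 74.125.155.147\n"
                      "          74.125.155.99\n")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def _valid(ip):
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False

def hosts_entries(text):
    """(ip, hostname) pairs from a hosts file; '#' comments and blank lines skipped."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and _valid(fields[0]):
            pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs

def unexpected_hosts_entries(text):
    """Everything beyond the stock loopback lines: Ron's 'delete everything but
    127.0.0.1 localhost and ::1 localhost' rule expressed as a check."""
    return [(ip, name) for ip, name in hosts_entries(text)
            if not (name == "localhost" and ipaddress.ip_address(ip).is_loopback)]

def parse_nslookup(output):
    """(resolver_ip, [answer_ips]) from Windows nslookup output. Assumes the first
    address printed is the 'Server:' address and every later one is an answer."""
    ips = [m.group(0) for m in IPV4_RE.finditer(output) if _valid(m.group(0))]
    return (ips[0], ips[1:]) if ips else (None, [])

def resolver_check(configured_output, reference_output):
    """Compare the router-supplied resolver's answer with a known-good one. An empty
    'overlap' is the cue to inspect the router, not proof: large sites rotate addresses."""
    cfg_server, cfg = parse_nslookup(configured_output)
    ref_server, ref = parse_nslookup(reference_output)
    return {"configured_resolver": cfg_server, "reference_resolver": ref_server,
            "overlap": sorted(set(cfg) & set(ref)),
            "configured_only": sorted(set(cfg) - set(ref))}
```

On a real machine the two nslookup strings would be the captured output of `nslookup google.com` and of the same query after `server 4.2.2.1`, and the hosts text the contents of `%SystemRoot%\System32\drivers\etc\hosts`.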

#3
transigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron,

Typing the IPs into the browser gets to google.com each time.

Re: command prompt

1) nslookup returns Non-authoritative answer: google.com 66.102.11.104 which of course is not in the list you provided above.

2) re: 4.2.2.1: this returned the list you provided above except replace the 53 with 155 in each.

3) factory resetting now....

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Make sure you change the password on the router to something besides the default.

Ron

#5
transigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK, factory reset.

Worked through the rest of your instructions.

attrib -r -h -s hosts resulted in access denied but was still able to get to output of hosts. No reference to Google.

route print: Persistent routes - None.

Am I finished? If so: Thanks - and what happened? Can a virus/malware do this? I've not made any changes to the router in the period where this behaviour has occurred.

Is there something I can/should do to prevent recurrence of this type of thing?

Transigo

#6
transigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yep - put my password back on.

#7
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Mostly just changing the password on the router will do it if you make it something they can't guess. If you are really paranoid you can change the network from 192.168.0 or 192.168.1 to 192.168.27 or any number between 2 and 254.

I see you have µTorrent. P2P programs like µTorrent are dangerous. You never know where a file has been or what has been done to it. If you must use P2P always submit any files to http://virustotal.com before you open them.

You might want to run MBAM and OTL on the other computer to make sure it hasn't picked up something. They have to get on a computer in order to get to the router since most routers won't accept logons from the internet. Sometimes they erase the infection on the computer after they do the router so we may not find anything.

Ron

#8
transigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron,

Your help is much appreciated. I'll keep an eye on things at this end.

Regards,

Transigo