Google Redirect Virus- findgala [Solved]


  • This topic is locked

#1
terencemag
Member, 25 posts
Hello everyone, I am Terence and I am a newbie here. Please don't laugh at my English because it's not my mother tongue.

I usually search through the whole forum for a solution before I start a new thread, because I understand the frustration of answering the same question again and again. But this malware problem seems to be unique for different people, so to avoid trying different things and spoiling my computer in an irrecoverable manner, it's better for me to start a new thread.

My problem is that I can't access the Google.com homepage or any Google services like Gmail and YouTube. None of them work in Firefox, Opera or Internet Explorer. When I use Internet Explorer, the page redirects me to findgala.com. I have no problem accessing all other sites, including www.google.com.my (Malaysia Google).

I have done malware scans with Malwarebytes, SUPERAntiSpyware and AVG in safe mode but nothing was detected.

I need to solve this as soon as possible because I am using Google services actively. Any help is highly appreciated :) :)


#2
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 27 May 2010 - 11:03 AM.


#3
terencemag
Topic Starter, Member, 25 posts
OTL logfile created on: 28/5/2010 10:38:33 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\terencemagpie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 7.33 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 209.23 Gb Free Space | 91.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 9.77 Gb Total Space | 4.53 Gb Free Space | 46.35% Space Free | Partition Type: NTFS

Computer Name: TERENCEMAGPI-PC
Current User Name: terencemagpie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
PRC - [2010/05/25 17:25:56 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/19 01:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/21 08:11:48 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 08:11:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 13:31:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/17 08:29:27 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 08:29:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 08:28:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 08:28:14 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/12 19:24:00 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/05/12 19:20:00 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\stacsv.exe
PRC - [2009/05/12 19:13:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\AEstSrv.exe
PRC - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/28 03:32:28 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/04/16 06:21:58 | 000,550,184 | ---- | M] (Dell) -- C:\Program Files\Wireless Select Switch\WLSS.exe
PRC - [2009/04/09 16:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/12/19 04:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/11/05 12:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/13 07:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
MOD - [2010/03/17 08:29:27 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/21 10:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 10:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 08:29:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 08:28:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/06 17:26:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 22:43:50 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/20 18:35:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/05/12 19:20:00 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\stacsv.exe -- (STacSV)
SRV - [2009/05/12 19:13:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/30 15:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- c:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/19 04:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/13 07:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/21 08:11:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 08:29:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 08:28:14 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/07 17:03:00 | 000,272,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/23 08:15:54 | 000,058,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/12 19:25:00 | 000,400,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/05/08 08:45:40 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/05/07 16:14:42 | 004,740,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/28 03:03:42 | 000,329,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/13 02:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2008/12/30 11:57:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/05 08:25:38 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/17 06:29:14 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/12 20:23:42 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/11/12 20:23:40 | 000,109,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/11/12 20:23:36 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/07/25 14:41:10 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/01/21 10:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 10:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 10:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 10:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 10:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 10:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 10:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 10:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 10:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 10:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 10:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 10:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 10:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 10:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 10:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 10:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 10:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 10:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 10:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 10:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 10:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 10:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 10:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 07:06:04 | 000,017,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2007/04/13 17:42:16 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e26ba8db-a646-a44e-997c-2fafeadb50f2}:1.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 12:43:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 17:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 13:49:41 | 000,000,000 | ---D | M]

[2010/04/27 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Extensions
[2010/05/26 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions
[2010/04/27 21:47:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/27 20:12:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/04/27 21:47:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/28 00:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/04/29 14:13:54 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/04/27 21:47:12 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/27 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/28 00:50:34 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/04/29 01:53:37 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/05/21 20:24:45 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\[email protected]
[2010/05/26 23:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 13:49:25 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/05/13 16:57:26 | 000,002,977 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.micronichetool.com
O1 - Hosts: 127.0.0.1 micronichetool.com
O1 - Hosts: 127.0.0.1 www.micronichefinder.com
O1 - Hosts: 127.0.0.1 www.keywordelite.com
O1 - Hosts: 127.0.0.1 keywordelite.com
O1 - Hosts: 127.0.0.1 www.marketsamurai.com
O1 - Hosts: 127.0.0.1 marketsamurai.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 217.23.15.139 www.google.com
O1 - Hosts: 45 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: () - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\PROGRA~1\QVOD5\QvodEx.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBBrowerBuddy Class) - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe (Dell)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: 金山词霸浏览器栏 (Kingsoft PowerWord browser bar) - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O9 - Extra 'Tools' menuitem : 金山词霸浏览器栏 (Kingsoft PowerWord browser bar) - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\terencemagpie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\AutoRun\command - "" = E:\SysAnti.exe -- File not found
O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\Explore\Command - "" = E:\SysAnti.exe -- File not found
O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\Open\Command - "" = E:\SysAnti.exe -- File not found
O33 - MountPoints2\{66b00972-3b60-11df-8d80-0024e8d6687f}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell - "" = AutoRun
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\Shell - "" = AutoRun
O33 - MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\Shell - "" = AutoRun
O33 - MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\Shell - "" = AutoRun
O33 - MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 10:35:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
[2010/05/27 23:21:22 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\HostsXpert
[2010/05/27 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/27 23:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/27 23:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/27 20:01:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/27 00:55:19 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\10adsense
[2010/05/26 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Documents\Course Material-Google Analytics & AdWords for Beginners(572610300)
[2010/05/26 14:00:26 | 000,000,000 | -HSD | C] -- C:\Users\terencemagpie\Documents\cache
[2010/05/26 14:00:26 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\webex
[2010/05/26 13:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2010/05/25 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/05/25 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/05/25 17:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/05/25 17:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/05/24 00:28:54 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\DivX
[2010/05/24 00:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/24 00:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/24 00:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/05/23 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\resell_pack
[2010/05/19 20:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadToolz
[2010/05/17 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/13 16:41:05 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Malwarebytes
[2010/05/13 16:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/13 16:40:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/13 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 16:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/13 01:35:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/13 01:35:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/13 01:33:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/13 01:33:04 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/13 01:33:04 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/13 01:33:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/13 01:33:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/13 01:33:03 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/13 01:33:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/13 01:33:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/13 01:33:02 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/13 01:33:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/13 01:33:01 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/13 01:31:30 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/13 01:31:28 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/13 01:31:28 | 003,548,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/13 01:31:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/13 01:31:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/13 01:31:14 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/13 01:24:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/13 01:24:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/13 01:24:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/13 01:24:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/13 01:24:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/13 01:24:00 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/05/13 01:24:00 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/05/13 00:53:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSTNSRSXJGE
[2010/05/13 00:53:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\7911b85
[2010/05/12 18:04:38 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\xammax.com.my
[2010/05/11 02:51:15 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\Desktop\Learn Programming
[2010/05/06 02:34:29 | 000,898,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys.do
[2010/05/06 02:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Funshion Online
[2010/05/06 02:34:18 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\funshion
[2010/05/05 20:58:19 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Real
[2010/05/03 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Octoshape
[2010/05/03 01:34:14 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/05/01 06:05:29 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Acapela Group
[2010/05/01 06:05:26 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Local\Xtranormal
[2010/05/01 06:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xtranormal
[2010/05/01 06:02:03 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\Xtranormal
[2010/04/30 22:40:20 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Roaming\ScrapeBox Link Checker Free Edition
[2010/04/29 00:02:03 | 000,000,000 | ---D | C] -- C:\Users\terencemagpie\AppData\Local\WinZip
[2010/04/28 23:46:24 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2010/04/28 23:46:24 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/04/28 23:46:24 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2010/04/28 23:46:24 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/04/28 23:46:24 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys

========== Files - Modified Within 30 Days ==========

[2010/05/28 10:36:58 | 003,670,016 | -HS- | M] () -- C:\Users\terencemagpie\ntuser.dat
[2010/05/28 10:36:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\terencemagpie\Desktop\OTL.exe
[2010/05/28 10:02:23 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{50924E06-01AF-492E-9855-FFE4755D3521}.job
[2010/05/28 09:56:29 | 000,002,289 | ---- | M] () -- C:\Users\terencemagpie\Desktop\AppLocale.lnk
[2010/05/28 09:54:40 | 060,450,392 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/28 09:51:21 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/28 09:49:47 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/28 09:49:47 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/28 09:49:47 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/28 09:45:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 09:45:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 09:45:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/28 09:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/28 09:44:49 | 2104,487,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/28 01:06:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/28 01:06:06 | 000,524,288 | -HS- | M] () -- C:\Users\terencemagpie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/28 01:06:06 | 000,065,536 | -HS- | M] () -- C:\Users\terencemagpie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/28 01:05:47 | 002,236,825 | -H-- | M] () -- C:\Users\terencemagpie\AppData\Local\IconCache.db
[2010/05/28 00:45:13 | 000,001,970 | ---- | M] () -- C:\Users\terencemagpie\funshion.ini
[2010/05/27 23:26:35 | 000,000,896 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2010/05/27 23:09:09 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 20:50:55 | 000,000,411 | ---- | M] () -- C:\Users\terencemagpie\Desktop\regfix.reg
[2010/05/27 20:19:39 | 000,026,112 | ---- | M] () -- C:\Users\terencemagpie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 12:52:37 | 000,022,016 | ---- | M] () -- C:\Users\terencemagpie\Desktop\Qian Qian Purchase List.xls
[2010/05/26 23:21:54 | 000,016,896 | ---- | M] () -- C:\Users\terencemagpie\Desktop\DomainStryker.xls
[2010/05/26 15:14:48 | 000,124,614 | ---- | M] () -- C:\Users\terencemagpie\Desktop\connection problem.jpg
[2010/05/26 14:42:00 | 000,192,747 | ---- | M] () -- C:\Users\terencemagpie\Desktop\failed.jpg
[2010/05/25 17:26:56 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/05/25 17:26:45 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/05/25 17:26:45 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/05/25 17:26:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/05/25 17:25:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/05/23 05:07:53 | 001,717,475 | ---- | M] () -- C:\Users\terencemagpie\Desktop\SneakyCPASecrets.pdf
[2010/05/22 18:01:13 | 000,057,216 | ---- | M] () -- C:\Users\terencemagpie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/22 11:56:02 | 000,057,216 | ---- | M] () -- C:\Users\terencemagpie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/05/21 20:15:35 | 000,705,346 | ---- | M] () -- C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_
[2010/05/20 21:51:59 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/19 20:23:17 | 000,460,346 | ---- | M] () -- C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_
[2010/05/19 17:21:14 | 000,224,430 | ---- | M] () -- C:\Users\terencemagpie\Desktop\plrprofits.pdf
[2010/05/13 16:57:26 | 000,002,977 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/13 16:40:55 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 00:54:00 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\cntnr0.sys
[2010/05/12 18:23:26 | 003,171,606 | ---- | M] () -- C:\Users\terencemagpie\Desktop\XAM-MAX Website.zip
[2010/05/11 13:43:22 | 000,000,162 | -H-- | M] () -- C:\Users\terencemagpie\Desktop\~$m-max draft.doc
[2010/05/08 18:09:53 | 000,002,469 | ---- | M] () -- C:\Users\terencemagpie\Desktop\Mass Article Creator.lnk
[2010/05/06 02:34:19 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Funshion.lnk
[2010/05/06 02:34:19 | 000,001,102 | ---- | M] () -- C:\Windows\System32\funshion.ini
[2010/05/05 20:59:21 | 000,000,794 | ---- | M] () -- C:\Users\terencemagpie\Desktop\KMPlayer.lnk
[2010/05/04 14:42:56 | 036,061,245 | ---- | M] () -- C:\Users\terencemagpie\Desktop\HypnoFocus.mp3
[2010/05/01 06:02:41 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\State.lnk
[2010/04/30 22:23:49 | 000,613,376 | ---- | M] () -- C:\Users\terencemagpie\Desktop\Scrapebox_Guide.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:46:28 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Maxis Broadband.lnk

========== Files Created - No Company Name ==========

[2010/05/27 23:09:09 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 22:56:24 | 2104,487,936 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/27 20:50:55 | 000,000,411 | ---- | C] () -- C:\Users\terencemagpie\Desktop\regfix.reg
[2010/05/27 12:42:09 | 000,022,016 | ---- | C] () -- C:\Users\terencemagpie\Desktop\Qian Qian Purchase List.xls
[2010/05/26 19:06:01 | 000,016,896 | ---- | C] () -- C:\Users\terencemagpie\Desktop\DomainStryker.xls
[2010/05/26 15:14:47 | 000,124,614 | ---- | C] () -- C:\Users\terencemagpie\Desktop\connection problem.jpg
[2010/05/26 14:41:59 | 000,192,747 | ---- | C] () -- C:\Users\terencemagpie\Desktop\failed.jpg
[2010/05/23 05:06:21 | 001,717,475 | ---- | C] () -- C:\Users\terencemagpie\Desktop\SneakyCPASecrets.pdf
[2010/05/21 20:13:24 | 000,705,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_
[2010/05/20 21:51:59 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/19 20:03:30 | 000,460,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_
[2010/05/19 17:21:14 | 000,224,430 | ---- | C] () -- C:\Users\terencemagpie\Desktop\plrprofits.pdf
[2010/05/13 16:40:55 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 00:53:59 | 000,000,004 | ---- | C] () -- C:\Windows\System32\drivers\cntnr0.sys
[2010/05/11 23:08:41 | 003,171,606 | ---- | C] () -- C:\Users\terencemagpie\Desktop\XAM-MAX Website.zip
[2010/05/11 13:43:22 | 000,000,162 | -H-- | C] () -- C:\Users\terencemagpie\Desktop\~$m-max draft.doc
[2010/05/06 02:34:19 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Funshion.lnk
[2010/05/05 20:59:21 | 000,000,794 | ---- | C] () -- C:\Users\terencemagpie\Desktop\KMPlayer.lnk
[2010/05/04 14:42:56 | 036,061,245 | ---- | C] () -- C:\Users\terencemagpie\Desktop\HypnoFocus.mp3
[2010/05/01 06:02:41 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\State.lnk
[2010/04/30 22:23:36 | 000,613,376 | ---- | C] () -- C:\Users\terencemagpie\Desktop\Scrapebox_Guide.pdf
[2010/04/28 23:46:28 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Maxis Broadband.lnk
[2010/04/12 15:54:26 | 000,001,102 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/03/27 22:03:29 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2009/12/23 17:45:39 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/10/12 11:41:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/17 09:26:17 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/17 09:21:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/09/17 09:21:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/20 18:38:23 | 000,577,536 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2009/07/20 18:34:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/20 18:34:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/01 06:05:29 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Acapela Group
[2010/03/22 05:33:33 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\acccore
[2010/04/06 05:35:47 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Affilorama
[2010/03/05 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\digiXMAS Submitter
[2010/05/25 06:26:58 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\FileZilla
[2010/01/18 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\FireShot
[2009/12/16 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\FlashGet
[2009/09/29 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Kingsoft
[2010/04/08 03:40:40 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/10/24 00:38:15 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\NJStar
[2010/05/03 09:36:23 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Octoshape
[2009/09/26 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Opera
[2009/10/23 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\QQ
[2009/10/23 13:07:23 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\QQUpdate
[2010/04/30 22:40:21 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\ScrapeBox Link Checker Free Edition
[2009/11/13 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Sports Interactive
[2009/10/12 18:01:20 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Tencent
[2010/05/27 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\uTorrent
[2010/05/26 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\webex
[2010/04/27 23:14:29 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\WinFF
[2010/05/01 06:05:35 | 000,000,000 | ---D | M] -- C:\Users\terencemagpie\AppData\Roaming\Xtranormal
[2010/05/28 01:06:22 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/28 10:02:23 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{50924E06-01AF-492E-9855-FFE4755D3521}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/05 18:12:39 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2010/03/05 18:11:38 | 000,002,048 | ---- | M] () -- C:\ads_err.adm
[2010/03/05 18:23:53 | 000,005,656 | ---- | M] () -- C:\ads_err.adt
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 10:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/07/20 19:04:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/09/16 19:08:36 | 000,002,971 | RH-- | M] () -- C:\dell.sdr
[2010/05/28 09:44:49 | 2104,487,936 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 21:58:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/22 00:54:52 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2009/12/07 21:58:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/28 09:44:48 | 2420,330,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 22:09:43 | 000,000,040 | ---- | M] () -- C:\SYSTEM.VER
[2010/03/27 22:09:43 | 000,011,032 | ---- | M] () -- C:\YP-U3.LOG

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/17 06:29:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/21 10:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 10:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 11:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/17 08:28:14 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 08:29:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 08:11:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/13 00:54:00 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\cntnr0.sys
[2010/02/21 05:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 19:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 19:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 19:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 20:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 20:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 22:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 19:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Files - Unicode (All) ==========
[2010/05/05 16:54:18 | 000,000,870 | ---- | M] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\谷歌金山词霸合作版.lnk
[2010/05/05 16:54:18 | 000,000,870 | ---- | C] ()(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\谷歌金山词霸合作版.lnk
[2010/03/01 20:04:09 | 000,000,000 | ---D | M](C:\Users\terencemagpie\Documents\????) -- C:\Users\terencemagpie\Documents\美图图库
[2010/03/01 20:04:09 | 000,000,000 | ---D | C](C:\Users\terencemagpie\Documents\????) -- C:\Users\terencemagpie\Documents\美图图库
[2009/09/29 00:26:31 | 000,000,956 | ---- | M] ()(C:\Users\Public\Desktop\?????????.lnk) -- C:\Users\Public\Desktop\谷歌金山词霸合作版.lnk
[2009/09/29 00:26:31 | 000,000,956 | ---- | C] ()(C:\Users\Public\Desktop\?????????.lnk) -- C:\Users\Public\Desktop\谷歌金山词霸合作版.lnk
[2009/09/24 22:51:31 | 000,001,726 | ---- | M] ()(C:\Users\terencemagpie\Desktop\????.lnk) -- C:\Users\terencemagpie\Desktop\千千静听.lnk
[2009/09/24 22:51:31 | 000,001,726 | ---- | C] ()(C:\Users\terencemagpie\Desktop\????.lnk) -- C:\Users\terencemagpie\Desktop\千千静听.lnk
< End of report >
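The O1 section of the log above is the cause of the symptom described in the first post: www.google.com is pinned to 217.23.15.139 in the HOSTS file, so the browser never asks DNS for it, and safebrowsing-cache.google.com and urs.microsoft.com are pinned as well, so the Safe Browsing and SmartScreen lookups of the installed browsers cannot be relied on either. The same log also shows UAC switched off (EnableLUA = 0) and autorun commands recorded for removable volumes under MountPoints2. As an added example (not part of terencemag's post and not OTL code), the script below walks OTL-style lines and flags exactly those patterns. The sample lines are constructed from entries in the posted log; the rule set, the severities and the PROTECTION_DOMAINS list are this example's own assumptions.

```python
"""Triage of OTL log lines for HOSTS hijacks, disabled UAC and USB autorun residue.

Added example, not part of the original post and not OTL code. The sample lines
are constructed from entries in the posted log; the rules, severities and the
PROTECTION_DOMAINS list are assumptions of this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: domains whose HOSTS hijack silently breaks a browser/OS
# reputation service. Extend with the vendor update domains you care about.
PROTECTION_DOMAINS = {"safebrowsing-cache.google.com", "urs.microsoft.com"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System:\s+(\w+)\s*=\s*(-?\d+)\s*$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\\w+\\[Cc]ommand - "" = (\S+)'
)

# Constructed sample: a subset of the lines in the log above.
SAMPLE_OTL_LINES = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.marketsamurai.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 217.23.15.139 www.google.com
O1 - Hosts: 45 more lines...
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell - "" = AutoRun
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the OTL line that triggered the rule
    reason: str


def _is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def check_hosts_entry(ip: str, name: str, line: str) -> Optional[Finding]:
    """Only 'localhost -> loopback' is normal; every other mapping needs a reason."""
    if _is_loopback(ip):
        if name.lower() == "localhost":
            return None
        return Finding("info", line,
                       f"{name} is blackholed to {ip}; confirm the user intended this block")
    if name.lower() in PROTECTION_DOMAINS:
        return Finding("high", line,
                       f"reputation service {name} pinned to {ip}: Safe Browsing / "
                       f"SmartScreen lookups no longer go through DNS")
    return Finding("high", line,
                   f"DNS bypassed for {name}: the browser is sent to {ip}, "
                   f"whatever the real site resolves to")


def check_policy(key: str, value: int, line: str) -> Optional[Finding]:
    if key == "EnableLUA" and value == 0:
        return Finding("high", line,
                       "UAC disabled (EnableLUA = 0): anything this user runs gets full admin rights")
    return None


def check_mountpoint(guid: str, exe: str, line: str) -> Optional[Finding]:
    # Explorer keeps under MountPoints2 the autorun command of every volume it has
    # seen. An .exe in the root of the volume is the USB-worm pattern, and the
    # record matters even after the stick is gone ("File not found").
    if re.match(r"^[A-Za-z]:\\[^\\]+\.exe$", exe, re.IGNORECASE):
        return Finding("medium", line,
                       f"volume {guid} ran {exe} on insert; scan that removable device before reusing it")
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = None
        if (m := HOSTS_RE.match(line)):
            finding = check_hosts_entry(m.group(1), m.group(2), line)
        elif (m := POLICY_RE.match(line)):
            finding = check_policy(m.group(1), int(m.group(2)), line)
        elif (m := MOUNT_RE.match(line)):
            finding = check_mountpoint(m.group(1), m.group(2), line)
        if finding is not None:
            findings.append(finding)
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample above the script reports five high findings (the four non-loopback HOSTS entries and EnableLUA = 0), one medium (the E:\AutoRun.exe command) and one informational (the loopback block of www.marketsamurai.com). The loopback entries are deliberately only informational: blackholing a site to 127.0.0.1 is a common licensing or ad-blocking trick and the user, not the script, knows whether it was intended, whereas a public name pinned to any other address is never something DNS would have produced on its own.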

#4 terencemag (Topic Starter, Member, 25 posts)
OTL Extras logfile created on: 28/5/2010 10:38:33 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\terencemagpie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 7.33 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 209.23 Gb Free Space | 91.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 9.77 Gb Total Space | 4.53 Gb Free Space | 46.35% Space Free | Partition Type: NTFS

Computer Name: TERENCEMAGPI-PC
Current User Name: terencemagpie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Tencent\TT\bin\TTraveler.exe (Tencent)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Tencent\TT\bin\TTraveler.exe" "%1" (Tencent)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-839650790-1182488598-3075496029-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F7058F-0497-4CE4-8C42-DFF0CE675D12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B582D008-89EB-42E1-B17E-1E2029BC69CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F4F10385-79B0-4898-A775-C171508D3FB5}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EFF961-EFEE-431A-8DDD-45128059AEA7}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\kankan\xmpboot.exe |
"{02F42BD4-B29D-4889-B7F7-71737391C00A}" = protocol=6 | dir=in | app=c:\programdata\7911b85\ms7911.exe |
"{0FA5632A-0F3B-4FD1-A5EA-BEBF1A3AB87F}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{126CA97C-043C-4F3D-8AF3-762CC74E5C6D}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{1F805B11-BBD0-41A2-A527-B74570AC35DF}" = protocol=17 | dir=in | app=c:\program files\gridservice\peer.exe |
"{26A61EE7-66A4-4961-8334-5BDE5C2AB57D}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{313F3FBD-7A37-4933-8704-6FB2D295CBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35244928-B3F4-44B0-B6CF-994035436518}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{36FBB7DB-C644-47A5-A4FC-9ACF916315FC}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\kankan\thunderliveud.exe |
"{3A3717E2-A964-43D4-A109-1400FE20F3AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41458AEB-9BBC-4769-9ACC-101D633CAF76}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4227E062-1627-48DF-8564-892D68652170}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{437F7B23-E7EC-4006-9ED0-7CFA2D8CD688}" = protocol=6 | dir=in | app=d:\terence\installer\utorrent.exe |
"{45648273-C6B4-4DE4-A85B-23A3C5F1CBD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47006882-5DC0-4394-843B-1C7C6F857BA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47C8C1A5-6A89-4632-A75D-BCCB133A445E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49B09EA1-D6C4-4312-8F00-B9D02FF32C1A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{4ACDD1D4-ECF7-40D3-BD15-AF0730273931}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{5217C426-001C-4140-A742-BA72F6506861}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{6042460E-6F36-4A7E-A4AF-C10EA000D6DD}" = protocol=17 | dir=in | app=d:\terence\installer\utorrent.exe |
"{6110D99D-A50F-4775-97D4-3AA6FB1A25BD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\kankan\xmpboot.exe |
"{65AB4D39-10F2-4524-A506-44AAFF7790DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B791D59-13B2-4172-9747-55ED7DC813CF}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"{7CF43320-7D64-4D6A-BE43-1A427E40F025}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7E239359-3C5A-4E05-B2AF-32F4A8DB0AA5}" = protocol=6 | dir=in | app=c:\program files\micro niche finder\microniche.exe |
"{81319563-C424-48E3-9B14-49DD461BE115}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"{820491DA-166B-42E7-BD68-B5DA5FCC764B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{8235FE0D-9099-48D1-8439-A1CF309F0B2F}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{86BCE9D0-9579-460A-9D0A-26938729636D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8ACA8DF0-CE55-4C2C-9550-ECC41E7AB2B1}" = protocol=17 | dir=in | app=d:\terence\installer\utorrent.exe |
"{8E4C3C99-C2E8-4F10-9BE1-98D0C126E4B0}" = protocol=17 | dir=in | app=c:\programdata\7911b85\ms7911.exe |
"{8EC521A3-CE66-42DD-91E3-E182FF2188DE}" = protocol=6 | dir=in | app=c:\program files\gridservice\peer.exe |
"{8FF7B775-2B26-4B7E-8745-26C22A268377}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9212A0D0-D656-40EA-B5CB-1B64F9D36917}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A42B696-E3C0-49E9-8585-C55FF3C9D5E4}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{9C94DBCE-0826-435C-9657-EF35C1034CE2}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\kankan\thunderliveud.exe |
"{A9FC55E7-0C7D-4FA3-8CEF-456CEF4F98C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABE6BBF6-0A61-4B33-936A-7D1C95C0F143}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B027AF97-305D-4F59-B2FD-9B2B4B6E8B6C}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{B27FB28F-A717-444B-9C9D-9EBDF417EF76}" = protocol=17 | dir=in | app=c:\program files\micro niche finder\microniche.exe |
"{B663E705-7FCD-4716-A23E-3A152245CEAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6B1824E-CC2E-4B7D-846C-2DF92ECE7F29}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"{BA6EEC72-DE4E-4EB1-A269-3A29AD8F094D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3162CB6-8174-4A03-AB27-24E322924FB4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C6EC7F82-E3E6-424C-8B34-12680ED5886D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C77E8FA8-A061-428F-A5D2-F94DEA20D3A7}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C8E3A6DF-640E-49C8-B642-E557F60859BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA03F95F-C663-40ED-A36B-9A87F903EF84}" = protocol=6 | dir=in | app=d:\terence\installer\utorrent.exe |
"{CAE91A59-9326-46D7-AAC7-3CC3F1699480}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBB3EBC0-F6DB-4C98-B0C7-9111FF03CCBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC7E1A81-2367-4843-A774-CA10287D148D}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{DD55ECC7-D769-421F-BB2B-3FD150D70A41}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{DF6ACFEC-39AE-414D-BBA2-31F10BFE3F55}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{E1359FC9-0253-45ED-AEEB-06F79700D399}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6472885-0E2B-4A89-B8C8-36C80E89A5E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8FB1706-EFBA-4B14-BA99-951AC0C50C68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDA58D98-78F7-434A-A0A5-98A4F872DF6B}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\thunders\thunders.exe |
"{EE70B5FE-4000-43D5-9485-FFE28301ECE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF4C285E-741F-4209-9B71-A6B1C093C2CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFB1CD8D-ED76-4338-9BCA-9535A0A9DE9E}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\thunders\thunders.exe |
"{FB343514-0187-42EE-8C82-7F5EF7B30287}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FE8913F1-240F-44E9-A088-7CED5CE27270}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{346E309B-1385-4D07-A1CD-B2E96082F871}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{4E00BDC7-6772-4EB5-BEFE-55DF8AE1CBCC}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{5F2B96C1-4F07-44F0-B3E1-1CB16F1DDC8A}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{96F87BA3-959B-4C7C-9252-1493FC5E8E37}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{A2551C40-A731-4C02-B12B-FB160E380097}C:\program files\tencent\qq\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\qq.exe |
"TCP Query User{B2601FB7-9557-4530-9B19-D4EE1E79623C}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"TCP Query User{C66F4027-044D-495A-972A-82F5D2C2193E}C:\program files\tencent\qq\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\qq.exe |
"TCP Query User{C70E7F57-CD7F-49D1-A399-CE65BF868478}D:\new folder\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\new folder\left 4 dead 2\left4dead2.exe |
"UDP Query User{0BE5F320-3FCE-4AEC-AD7F-38B66F7DB8A5}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{645E999B-F7BA-4B8E-96A9-D3DE1F64BC65}C:\program files\tencent\qq\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\qq.exe |
"UDP Query User{A26EFC0A-0502-427E-962C-AF14B4AA5052}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{B180BD20-75A8-4BEF-BF74-02C40C694001}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{B1878AB7-77C5-42B5-BA99-C6C923BE6661}C:\program files\tencent\qq\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\qq.exe |
"UDP Query User{CF9BCD9D-672C-4DB8-A9E7-60769775139C}D:\new folder\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\new folder\left 4 dead 2\left4dead2.exe |
"UDP Query User{D31F90D0-8DA5-4C0A-934F-220EC895CADB}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{F0EA32FC-51FB-4A9B-9C60-0173C4419477}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}" = MassArticleCreator
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{808B53B5-9E5F-4F99-A6B9-BDDF323EF229}" = ODD Eject
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B066A843-8978-4501-A900-A28C5EFE148B}" = O2Micro Flash Memory Card Windows Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4D79216-306A-400B-858B-00C05F0B0E80}" = Adobe Flash Player 9 ActiveX
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}" = Image Resizer Powertoy Clone for Windows
"{F312B2F8-A700-46D2-A2DD-BB758313EA2F}" = Macromedia Extension Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"美图秀秀" = 美图秀秀 2.1.7 安全版
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVG9Uninstall" = AVG Free 9.0
"Banner Generator 2.0" = Banner Generator 2.0
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.05.01.0820)
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.3.0.1
"FlashGet" = FlashGet 1.9.6.1073
"Funshion" = Funshion
"GooglePinyin2" = 谷歌拼音输入法 2.0
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{808B53B5-9E5F-4F99-A6B9-BDDF323EF229}" = ODD Eject
"InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}" = O2Micro Flash Memory Card Windows Driver
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxis Broadband" = Maxis Broadband
"Megaporn Video Downloader_is1" = Megaporn Video Downloader 3.21
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PowerWord Lite" = 谷歌金山词霸合作版
"QQ2008IIBeta1" = QQ2008II Beta1
"RealAlt_is1" = Real Alternative 2.0.1
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Traffic Travis_is1" = Traffic Travis 3.2.1
"TTPlayer" = 千千静听 5.5.2
"TVWiz" = Intel® TV Wizard
"UltraISO_is1" = UltraISO Premium V8.63
"WampServer 2_is1" = WampServer 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/5/2010 7:34:43 AM | Computer Name = terencemagpi-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream()

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetCountries(GetCountriesRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetCountryList()

Error - 19/5/2010 10:16:26 PM | Computer Name = terencemagpi-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/5/2010 10:16:33 PM | Computer Name = terencemagpi-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream()

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetCountries(GetCountriesRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetCountryList()

Error - 20/5/2010 4:20:36 AM | Computer Name = terencemagpi-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c, exception
code 0xc0000005, fault offset 0x00038922, process id 0x21c, application start time
0x01caf7c2c8d724c7.

Error - 20/5/2010 7:21:19 AM | Computer Name = terencemagpi-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/5/2010 7:21:27 AM | Computer Name = terencemagpi-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream()

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetCountries(GetCountriesRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetCountryList()

Error - 20/5/2010 8:46:08 AM | Computer Name = terencemagpi-PC | Source = Google Update | ID = 20
Description =

Error - 20/5/2010 9:42:56 PM | Computer Name = terencemagpi-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/5/2010 9:43:00 PM | Computer Name = terencemagpi-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream()

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetCountries(GetCountriesRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetCountryList()

Error - 21/5/2010 6:03:16 AM | Computer Name = terencemagpi-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/12/2009 4:00:14 AM | Computer Name = terencemagpi-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 0C60760BEEB4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/12/2009 4:00:37 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2009 4:00:37 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/12/2009 1:02:44 AM | Computer Name = terencemagpi-PC | Source = HTTP | ID = 15016
Description =

Error - 4/12/2009 1:04:18 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/12/2009 1:04:18 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/12/2009 3:06:50 AM | Computer Name = terencemagpi-PC | Source = HTTP | ID = 15016
Description =

Error - 5/12/2009 3:08:24 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 3:08:24 AM | Computer Name = terencemagpi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/12/2009 3:14:09 AM | Computer Name = terencemagpi-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 0C60760BEEB4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#5
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Do you have the GMER log for me?

#6
terencemag

    Member

  • Topic Starter
  • Member
  • 25 posts

Do you have the GMER log for me?


Sorry for the delay. The program is still running.

I will probably post it by tomorrow morning (about 9 hours' time from this post), since it's midnight here and I am going to bed soon.

Really appreciate your help and millions of thanks =)

#7
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Thanks for letting me know.

#8
terencemag

    Member

  • Topic Starter
  • Member
  • 25 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 15:19:43
Windows 6.0.6001 Service Pack 1
Running: xkstz1d2.exe; Driver: C:\Users\TERENC~1\AppData\Local\Temp\fwkcykod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BE88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74C298A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BEB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BDFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BE7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BDEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74C1B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BEBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BE074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BE06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BD71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C6D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C07379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BDE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BD697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BD69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BE2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8C518A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00265edf46ab
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00265edf46ab (not active ControlSet)

---- EOF - GMER 1.0.15 ----
  • 0

#9
terencemag

    Member

  • Topic Starter
  • Member
  • 25 posts
GMER result posted. I hope I did it correctly. The first time it failed because my laptop went into sleep mode after more than 10 hours of running. The second time it stopped halfway, and I did the last one in Safe Mode, where surprisingly it completed within several hours.
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the OTL textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: () - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\PROGRA~1\QVOD5\QvodEx.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\AutoRun\command - "" = E:\SysAnti.exe -- File not found
    O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\Explore\Command - "" = E:\SysAnti.exe -- File not found
    O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\Open\Command - "" = E:\SysAnti.exe -- File not found
    O33 - MountPoints2\{66b00972-3b60-11df-8d80-0024e8d6687f}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe -- File not found
    O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\Shell - "" = AutoRun
    O33 - MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    [2010/05/13 00:53:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSTNSRSXJGE
    [2010/05/13 00:53:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\7911b85
    [2010/05/21 20:13:24 | 000,705,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_
    [2010/05/19 20:03:30 | 000,460,346 | ---- | C] () -- C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_
    [2010/05/13 00:53:59 | 000,000,004 | ---- | C] () -- C:\Windows\System32\drivers\cntnr0.sys
    [2010/05/13 00:54:00 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\cntnr0.sys
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:

Extract the file and run it.

If TDSSKiller asks you to close all programs please allow it to do so.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date).

If TDSSKiller asks to reboot your computer please allow it to do so.

Please post the content of that TDSSKiller log.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0
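The fix above was assembled by hand from the scan lines. As an added example (not part of the thread, and not OTL's or TDSSKiller's own code), the script below applies the same reasoning mechanically: it reads OTL scan lines like the ones quoted in the post, flags the categories the fix targets (MountPoints2 autorun handlers that launch an executable from a drive other than C:, a default shell verb forced to AutoRun, BHO and Run entries whose file or CLSID is gone, hidden+system folders directly under ProgramData, a 4-byte .sys in the drivers directory), and renders them as the :OTL block. It then checks a hosts file for the kind of google.com pin that would produce the reported symptom, since the fix also issues [resethosts]. The OTL sample lines are copied from the post; the Beep.sys control line and the hosts file content are constructed, and 203.0.113.10 is a documentation-range address, not a real findgala host. The user's document files from the fix are deliberately not covered.

```python
"""Added example: triage OTL scan lines into a fix block, and check a hosts file."""
import re
from typing import Iterable, List, Tuple

Finding = Tuple[str, str]  # (scan line, why it belongs in the fix)
SYSTEM_DRIVES = {"C"}      # assumption: Windows lives on C:, any other letter is removable

# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = E:\SysAnti.exe -- File not found
_O33_CMD = re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\(?P<verb>\w+)\\[Cc]ommand'
                      r' - "" = (?P<drive>[A-Z]):\\(?P<exe>\S+)')
# O33 - MountPoints2\{guid}\Shell - "" = AutoRun
_O33_VERB = re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell - "" = (?P<verb>\w+)$')
# [date time | size | attrs | C] () -- path      ("()" is absent for directories)
_FILE = re.compile(r'^\[[^|]+\| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] (?:\(\) )?-- (?P<path>.+)$')


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the OTL scan lines that warrant removal, each with its reason."""
    found: List[Finding] = []
    for raw in lines:
        line = raw.strip()  # forum posts indent the fix block by four spaces
        if m := _O33_CMD.match(line):
            if m.group("drive") not in SYSTEM_DRIVES:
                found.append((line, f"{m.group('verb')} handler runs {m.group('exe')} from drive "
                                    f"{m.group('drive')}: autorun-worm residue"))
        elif m := _O33_VERB.match(line):
            if m.group("verb").lower() == "autorun":
                found.append((line, "default shell verb forced to AutoRun"))
        elif m := _FILE.match(line):
            path, attr = m.group("path").lower(), m.group("attr")
            size = int(m.group("size").replace(",", ""))
            if "\\drivers\\" in path and path.endswith(".sys") and size < 1024:
                found.append((line, f"{size}-byte .sys in the drivers directory cannot be a PE driver"))
            elif "H" in attr and "S" in attr and path.startswith("c:\\programdata\\"):
                found.append((line, "hidden+system folder directly under ProgramData"))
        elif line.startswith("O2 - BHO:") and ("File not found" in line or "No CLSID value found" in line):
            found.append((line, "browser helper object whose DLL or CLSID no longer exists"))
        elif line.startswith("O4 - ") and "File not found" in line:
            found.append((line, "Run entry pointing at a missing file"))
    return found


def fix_script(findings: Iterable[Finding]) -> str:
    """Render findings as the :OTL block followed by the commands the post uses."""
    body = "\n".join(line for line, _ in findings)
    return f":OTL\n{body}\n:Commands\n[emptytemp]\n[resethosts]\n[Reboot]\n"


def hosts_hijacks(hosts_text: str, watch: Iterable[str]) -> List[Tuple[str, str]]:
    """(hostname, ip) pairs for watched domains or their subdomains.  A clean
    hosts file never needs to name google.com, so any hit is a hijack candidate."""
    watch = [d.lower() for d in watch]
    hits: List[Tuple[str, str]] = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in watch):
                hits.append((n, ip))
    return hits


# Scan lines copied from the fix in the post, plus one constructed benign
# driver line (Beep.sys) as a control that must not be flagged.
SAMPLE_OTL = r"""
O2 - BHO: () - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\PROGRA~1\QVOD5\QvodEx.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\AutoRun\command - "" = E:\SysAnti.exe -- File not found
O33 - MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\Shell\Explore\Command - "" = E:\SysAnti.exe -- File not found
O33 - MountPoints2\{66b00972-3b60-11df-8d80-0024e8d6687f}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell - "" = AutoRun
O33 - MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
[2010/05/13 00:53:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSTNSRSXJGE
[2010/05/13 00:53:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\7911b85
[2010/05/13 00:53:59 | 000,000,004 | ---- | C] () -- C:\Windows\System32\drivers\cntnr0.sys
[2010/05/24 09:00:00 | 000,014,336 | ---- | M] () -- C:\Windows\System32\drivers\Beep.sys
""".strip().splitlines()

# Constructed hosts file: the Google hosts the poster could not reach, pinned to
# a documentation-range address (RFC 5737), the way a hosts-based hijack would.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com
203.0.113.10    mail.google.com
203.0.113.10    www.youtube.com
"""

if __name__ == "__main__":
    findings = triage(SAMPLE_OTL)
    for line, why in findings:
        print(f"{why}\n    {line}")
    print(fix_script(findings))
    for host, ip in hosts_hijacks(SAMPLE_HOSTS, ["google.com", "youtube.com"]):
        print(f"hosts pins {host} -> {ip}")
```

Run as-is it prints eleven findings, the rendered fix and four hosts pins; the Beep.sys control line is left alone. A hosts pin would leave www.google.com.my reachable while google.com, Gmail and YouTube fail, in every browser at once, which is exactly the pattern reported at the top of the thread, because all browsers go through the system resolver and therefore the hosts file. TDSS-family rootkits redirect from kernel mode, below the hosts file, which is why the post pairs [resethosts] with TDSSKiller instead of stopping at the hosts file, and why a clean hosts file on its own does not prove the machine is clean.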


#11
terencemag

    Member

  • Topic Starter
  • Member
  • 25 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ not found.
File E:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ not found.
File E:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01b09d6f-ba71-11de-8e73-0024e8d6687f}\ not found.
File E:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66b00972-3b60-11df-8d80-0024e8d6687f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b00972-3b60-11df-8d80-0024e8d6687f}\ not found.
File H:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76950cac-52d4-11df-8499-0c60760beeb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76950cac-52d4-11df-8499-0c60760beeb4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76950cac-52d4-11df-8499-0c60760beeb4}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76950cca-52d4-11df-8499-0024e8d6687f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76950cca-52d4-11df-8499-0024e8d6687f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76950cca-52d4-11df-8499-0024e8d6687f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70ef7c2-dfd4-11de-ad88-0c60760beeb4}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70ef7d1-dfd4-11de-ad88-0c60760beeb4}\ not found.
File E:\AutoRun.exe not found.
C:\ProgramData\MSTNSRSXJGE folder moved successfully.
C:\ProgramData\7911b85\Quarantine Items folder moved successfully.
C:\ProgramData\7911b85\MSESys folder moved successfully.
C:\ProgramData\7911b85\BackUp folder moved successfully.
C:\ProgramData\7911b85 folder moved successfully.
File C:\Users\terencemagpie\Documents\Megaporn.com - hot tutor [bleep]ed.flv_ not found.
File C:\Users\terencemagpie\Documents\Megaporn.com - http3A2F2Fsex520.net2F-323.flv_ not found.
C:\Windows\System32\drivers\cntnr0.sys moved successfully.
File C:\Windows\System32\drivers\cntnr0.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: terencemagpie
->Temp folder emptied: 1336139968 bytes
->Temporary Internet Files folder emptied: 30147589 bytes
->Java cache emptied: 81351002 bytes
->FireFox cache emptied: 90556502 bytes
->Flash cache emptied: 2030402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151549825 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,613.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: terencemagpie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.0 log created on 05292010_230240

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#12
terencemag

    Member

  • Topic Starter
  • Member
  • 25 posts
23:16:00:108 5368 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
23:16:00:108 5368 ================================================================================
23:16:00:108 5368 SystemInfo:

23:16:00:108 5368 OS Version: 6.0.6001 ServicePack: 1.0
23:16:00:108 5368 Product type: Workstation
23:16:00:108 5368 ComputerName: TERENCEMAGPI-PC
23:16:00:108 5368 UserName: terencemagpie
23:16:00:108 5368 Windows directory: C:\Windows
23:16:00:108 5368 Processor architecture: Intel x86
23:16:00:108 5368 Number of processors: 2
23:16:00:108 5368 Page size: 0x1000
23:16:00:108 5368 Boot type: Normal boot
23:16:00:108 5368 ================================================================================
23:16:06:956 5368 Initialize success
23:16:06:956 5368
23:16:06:956 5368 Scanning Services ...
23:16:07:658 5368 Raw services enum returned 441 services
23:16:07:658 5368
23:16:07:658 5368 Scanning Drivers ...
23:16:07:986 5368 ACPI (c7c7606b37c77632949bf55e7fde494e) C:\Windows\system32\drivers\acpi.sys
23:16:08:033 5368 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:16:08:048 5368 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:16:08:079 5368 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:16:08:095 5368 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:16:08:142 5368 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
23:16:08:173 5368 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:16:08:189 5368 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:16:08:204 5368 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:16:08:235 5368 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:16:08:267 5368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:16:08:298 5368 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:16:08:313 5368 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:16:08:345 5368 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:16:08:376 5368 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:16:08:376 5368 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:16:08:423 5368 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
23:16:08:469 5368 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\Windows\System32\Drivers\avgldx86.sys
23:16:08:516 5368 AvgMfx86 (f9caeec3ff1545991f490264429724c5) C:\Windows\System32\Drivers\avgmfx86.sys
23:16:08:579 5368 AvgTdiX (cf9ac576490bb6c547cd16ef0b782358) C:\Windows\System32\Drivers\avgtdix.sys
23:16:08:610 5368 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
23:16:08:672 5368 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
23:16:08:719 5368 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:16:08:735 5368 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:16:08:766 5368 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
23:16:08:797 5368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:16:08:813 5368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:16:08:828 5368 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:16:08:859 5368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:16:08:891 5368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:16:08:906 5368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:16:08:937 5368 BthEnum (c7065fa296c91bf054f421b0ebf93461) C:\Windows\system32\DRIVERS\BthEnum.sys
23:16:08:953 5368 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:16:08:969 5368 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
23:16:09:000 5368 BthPort (1712d956e5a96f866d6791869e99b1d6) C:\Windows\system32\Drivers\BTHport.sys
23:16:09:031 5368 BTHUSB (66088e161e769d11c3134bc23d0e6144) C:\Windows\system32\Drivers\BTHUSB.sys
23:16:09:047 5368 btwaudio (489727ea3dceba3bac3215f94bfbcaa1) C:\Windows\system32\drivers\btwaudio.sys
23:16:09:078 5368 btwavdt (dead0e02e2efdb03209c9237e93a619c) C:\Windows\system32\drivers\btwavdt.sys
23:16:09:109 5368 btwl2cap (b9920fb30bcaff10c111654909b275c9) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:16:09:125 5368 btwrchid (280e088046dcac249bb08505e296db86) C:\Windows\system32\DRIVERS\btwrchid.sys
23:16:09:156 5368 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:16:09:171 5368 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
23:16:09:187 5368 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:16:09:218 5368 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
23:16:09:249 5368 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:16:09:265 5368 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:16:09:296 5368 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\DRIVERS\compbatt.sys
23:16:09:312 5368 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:16:09:327 5368 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:16:09:359 5368 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:16:09:374 5368 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
23:16:09:390 5368 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
23:16:09:421 5368 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
23:16:09:483 5368 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
23:16:09:530 5368 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:16:09:577 5368 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
23:16:09:608 5368 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:16:09:639 5368 EMSC (f41bd011c5e304e99076f6893e46eee4) C:\Windows\system32\DRIVERS\EMSC.SYS
23:16:09:671 5368 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:16:09:702 5368 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
23:16:09:717 5368 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
23:16:09:749 5368 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:16:09:764 5368 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:16:09:795 5368 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:16:09:811 5368 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:16:09:827 5368 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
23:16:09:842 5368 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:16:09:873 5368 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:16:09:920 5368 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:16:09:936 5368 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:16:09:951 5368 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:16:09:983 5368 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:16:09:998 5368 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:16:10:014 5368 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:16:10:061 5368 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
23:16:10:107 5368 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:16:10:154 5368 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
23:16:10:201 5368 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:16:10:217 5368 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:16:10:248 5368 iaStor (6c554f5638be4b8d0ecf8b5c00b13eec) C:\Windows\system32\DRIVERS\iaStor.sys
23:16:10:263 5368 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:16:10:404 5368 igfx (b3e013a169539f894c103293391ed404) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:16:10:544 5368 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:16:10:575 5368 IntcHdmiAddService (362b19109f9b6f68c8e2a35efc9144a0) C:\Windows\system32\drivers\IntcHdmi.sys
23:16:10:575 5368 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:16:10:622 5368 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:16:10:653 5368 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:16:10:700 5368 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:16:10:716 5368 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:16:10:731 5368 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:16:10:763 5368 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:16:10:778 5368 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
23:16:10:856 5368 ISODrive (3ff410ccffcc6a25f33080b8f6e345cd) C:\Program Files\UltraISO\drivers\ISODrive.sys
23:16:10:872 5368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:16:10:887 5368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:16:10:903 5368 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:16:10:934 5368 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
23:16:10:965 5368 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\Windows\system32\drivers\klmd.sys
23:16:11:012 5368 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
23:16:11:059 5368 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:16:11:075 5368 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:16:11:106 5368 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:16:11:121 5368 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:16:11:137 5368 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:16:11:153 5368 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:16:11:184 5368 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:16:11:215 5368 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:16:11:246 5368 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:16:11:262 5368 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:16:11:293 5368 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:16:11:309 5368 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:16:11:340 5368 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:16:11:355 5368 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:16:11:371 5368 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:16:11:387 5368 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
23:16:11:433 5368 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:16:11:465 5368 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:16:11:496 5368 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:16:11:527 5368 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:16:11:543 5368 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:16:11:574 5368 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:16:11:589 5368 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:16:11:605 5368 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:16:11:621 5368 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:16:11:636 5368 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:16:11:652 5368 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
23:16:11:667 5368 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:16:11:683 5368 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:16:11:699 5368 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
23:16:11:730 5368 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
23:16:11:777 5368 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
23:16:11:792 5368 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:16:11:823 5368 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:16:11:839 5368 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
23:16:11:855 5368 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:16:11:870 5368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:16:11:886 5368 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
23:16:11:917 5368 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:16:11:933 5368 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
23:16:11:948 5368 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:16:11:979 5368 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
23:16:12:026 5368 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:16:12:026 5368 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:16:12:042 5368 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:16:12:073 5368 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:16:12:089 5368 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:16:12:135 5368 O2MDGRDR (f2d06e3c56cc5523bbe524771c68422b) C:\Windows\system32\DRIVERS\o2mdg.sys
23:16:12:151 5368 O2SDGRDR (81b9914963b7d57ec7871447340b2408) C:\Windows\system32\DRIVERS\o2sdg.sys
23:16:12:198 5368 OA012Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA012Ufd.sys
23:16:12:213 5368 OA012Vid (8ece0772d94d52cc1bb6686df60a2254) C:\Windows\system32\DRIVERS\OA012Vid.sys
23:16:12:245 5368 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:16:12:260 5368 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:16:12:291 5368 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:16:12:307 5368 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:16:12:323 5368 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:16:12:338 5368 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:16:12:369 5368 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:16:12:401 5368 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:16:12:447 5368 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:16:12:463 5368 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:16:12:510 5368 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:16:12:557 5368 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:16:12:603 5368 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:16:12:635 5368 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:16:12:650 5368 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:16:12:666 5368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:16:12:681 5368 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:16:12:713 5368 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:16:12:728 5368 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:16:12:759 5368 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:16:12:791 5368 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:16:12:806 5368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:16:12:837 5368 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:16:12:869 5368 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
23:16:12:900 5368 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:16:12:931 5368 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:16:12:962 5368 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:16:12:978 5368 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
23:16:13:009 5368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:16:13:025 5368 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:16:13:056 5368 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:16:13:071 5368 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:16:13:103 5368 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:16:13:118 5368 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:16:13:134 5368 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:16:13:149 5368 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:16:13:165 5368 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:16:13:181 5368 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:16:13:212 5368 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:16:13:227 5368 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:16:13:243 5368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:16:13:274 5368 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
23:16:13:321 5368 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
23:16:13:337 5368 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
23:16:13:383 5368 STHDA (036518b63b5461d102e40681e8dcb50e) C:\Windows\system32\DRIVERS\stwrt.sys
23:16:13:446 5368 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:16:13:461 5368 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:16:13:477 5368 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:16:13:493 5368 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:16:13:539 5368 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
23:16:13:602 5368 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
23:16:13:633 5368 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
23:16:13:649 5368 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:16:13:664 5368 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:16:13:680 5368 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:16:13:711 5368 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:16:13:727 5368 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:16:13:742 5368 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:16:13:758 5368 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:16:13:789 5368 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:16:13:805 5368 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:16:13:836 5368 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:16:13:851 5368 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:16:13:867 5368 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:16:13:883 5368 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:16:13:914 5368 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:16:13:929 5368 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:16:13:961 5368 usbccgp (5e41e1c8a51c5808f9a83eac167123a6) C:\Windows\system32\DRIVERS\usbccgp.sys
23:16:13:992 5368 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:16:14:007 5368 usbehci (145581b8ca4ad9c9c26fb89b178d1de6) C:\Windows\system32\DRIVERS\usbehci.sys
23:16:14:039 5368 usbhub (3b319e0792536573e78adb28d97a8cec) C:\Windows\system32\DRIVERS\usbhub.sys
23:16:14:054 5368 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:16:14:070 5368 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
23:16:14:101 5368 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:16:14:132 5368 usbuhci (12174cf4b1b513c90c34cf74a18fbbd4) C:\Windows\system32\DRIVERS\usbuhci.sys
23:16:14:148 5368 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:16:14:179 5368 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:16:14:195 5368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:16:14:226 5368 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:16:14:241 5368 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:16:14:257 5368 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:16:14:288 5368 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:16:14:319 5368 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:16:14:335 5368 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:16:14:366 5368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:16:14:382 5368 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:16:14:397 5368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:16:14:413 5368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:16:14:429 5368 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:16:14:444 5368 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:16:14:491 5368 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:16:14:522 5368 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:16:14:538 5368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:16:14:569 5368 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:16:14:569 5368
23:16:14:569 5368 Completed
23:16:14:569 5368
23:16:14:569 5368 Results:
23:16:14:569 5368 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:16:14:569 5368 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:16:14:569 5368
23:16:14:585 5368 KLMD(ARK) unloaded successfully
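Reading a driver inventory like the one above by eye is slow: the path case varies from line to line, the service names are hard to tell apart, and the only thing that gives away a planted driver is usually an odd name or an odd location. The Python below is an added triage helper written for this page, not something from the thread or from the anti-rootkit tool: it parses lines in the format above (time, PID, service name, MD5, image path), flags drivers whose image is not directly inside C:\Windows\system32\drivers, flags service names that alternate between letters and digits four or more times (a heuristic chosen here, not a documented rule), and groups services that share one hash. The shared-hash groups are informational: Tcpip/Tcpip6 and Wanarp/Wanarpv6 legitimately map to a single file. The sample input embeds six real lines from the log above plus two constructed entries with fake names and fake hashes; the genuine lines trip none of the checks.

```python
"""Triage helpers for a TDSSKiller-style driver inventory."""
import ntpath
import re
from collections import defaultdict

# One driver-enumeration line: time  PID  service-name  (MD5)  image path
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where Windows keeps its own kernel drivers. Compared case-insensitively,
# because the log mixes "drivers", "DRIVERS" and "Drivers".
STANDARD_DRIVER_DIR = r"C:\Windows\system32\drivers"

# Heuristic (an assumption of this example, not a feature of the tool):
# a service name that flips between letters and digits this many times
# or more looks machine-generated.
RANDOM_NAME_TRANSITIONS = 4

# Six lines copied from the log above, followed by two CONSTRUCTED entries
# (fake names, fake hashes) that are not in the thread and exist only to
# exercise the checks.
SAMPLE_LOG = r"""
23:16:13:602 5368 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
23:16:13:633 5368 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
23:16:14:039 5368 usbhub (3b319e0792536573e78adb28d97a8cec) C:\Windows\system32\DRIVERS\usbhub.sys
23:16:14:195 5368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:16:14:397 5368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:16:14:413 5368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:16:14:420 5368 8kT31qZ9wa2c (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\8kT31qZ9wa2c.sys
23:16:14:425 5368 fakesvc (fedcba9876543210fedcba9876543210) C:\Users\Public\fakesvc.sys
"""


def parse_tdsskiller(text):
    """Return one dict (time, pid, name, md5, path) per driver line.

    Banners, the 'Results:' block and blank lines do not match and are skipped.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["md5"] = rec["md5"].lower()
            records.append(rec)
    return records


def digit_alpha_transitions(name):
    """Count how often a name switches between digit and non-digit characters."""
    classes = [c.isdigit() for c in name]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def triage(records, driver_dir=STANDARD_DRIVER_DIR):
    """Flag out-of-place image paths and random-looking names; group shared hashes."""
    want = ntpath.normcase(driver_dir)
    outside, random_looking = [], []
    by_hash = defaultdict(list)
    for rec in records:
        # ntpath works on Windows-style paths regardless of the host OS.
        if ntpath.normcase(ntpath.dirname(rec["path"])) != want:
            outside.append(rec["name"])
        if digit_alpha_transitions(rec["name"]) >= RANDOM_NAME_TRANSITIONS:
            random_looking.append(rec["name"])
        by_hash[rec["md5"]].append(rec["name"])
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {
        "outside_drivers_dir": outside,
        "random_looking": random_looking,
        "shared_hash": shared,
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The MD5 column is where the real verification happens in practice: feed the hashes to a known-good file database or a multi-engine lookup service. That step needs network access and is deliberately left out here; the name and location checks are the offline first pass.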

#13 SweetTech (Retired Staff)
Are you working on the ComboFix scan now?

#14 terencemag (Topic Starter)
ComboFix 10-05-28.08 - terencemagpie 29/05/2010 23:23:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.60.1033.18.2008.884 [GMT 8:00]
Running from: c:\users\terencemagpie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\TERENC~1\FAVORI~1\精品网址导航.url
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\?°? ?????? ?°? - Powered by Discuz!.url
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\terencemagpie\Favorites\精品网址导航.url
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\ime\SPTIPIME.ini
c:\windows\ime\SPTIPIMERS.ini
c:\windows\system32\st326195.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 15:30 . 2010-05-29 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-29 15:02 . 2010-05-29 15:02 -------- d-----w- C:\_OTL
2010-05-27 12:01 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 06:02 . 2010-05-26 06:02 733184 ----a-w- c:\programdata\WebEx\WebEx\926\atastrm.dll
2010-05-26 06:01 . 2010-05-26 06:01 630784 ----a-w- c:\programdata\WebEx\WebEx\926\mutiltpd.dll
2010-05-26 06:01 . 2010-05-26 06:01 77824 ----a-w- c:\programdata\WebEx\WebEx\926\mticket.dll
2010-05-26 06:00 . 2010-05-26 06:00 237568 ----a-w- c:\programdata\WebEx\WebEx\926\strsess.dll
2010-05-26 06:00 . 2010-05-26 06:09 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\webex
2010-05-26 06:00 . 2010-05-26 06:00 81408 ----a-w- c:\programdata\WebEx\WebEx\926\atjpeg60.dll
2010-05-26 06:00 . 2010-05-26 06:00 65536 ----a-w- c:\programdata\WebEx\WebEx\926\atnetext.dll
2010-05-26 06:00 . 2010-05-26 06:00 45056 ----a-w- c:\programdata\WebEx\WebEx\926\atdocvu.dll
2010-05-26 06:00 . 2010-05-26 06:00 5702 ----a-w- c:\programdata\WebEx\WebEx\926\atkbctl.dll
2010-05-26 06:00 . 2010-05-26 06:00 30080 ----a-w- c:\programdata\WebEx\WebEx\926\atasanot.exe
2010-05-26 06:00 . 2010-05-26 06:00 24576 ----a-w- c:\programdata\WebEx\WebEx\926\atmemmgr.dll
2010-05-26 06:00 . 2010-05-26 06:00 49152 ----a-w- c:\programdata\WebEx\WebEx\926\wbxtrace.dll
2010-05-26 06:00 . 2010-05-26 06:00 45121 ----a-w- c:\programdata\WebEx\WebEx\926\raurl.dll
2010-05-26 06:00 . 2010-05-26 06:00 163840 ----a-w- c:\programdata\WebEx\WebEx\926\uilibres.dll
2010-05-26 05:58 . 2010-05-26 05:58 150087 ----a-w- c:\programdata\WebEx\WebEx\926\atdl2006.dll
2010-05-26 05:58 . 2010-05-26 05:58 401462 ----a-w- c:\programdata\WebEx\WebEx\926\msvcp60.dll
2010-05-26 05:58 . 2010-05-26 05:58 2084864 ----a-w- c:\programdata\WebEx\WebEx\926\atpdmod.dll
2010-05-26 05:58 . 2010-05-26 05:58 286720 ----a-w- c:\programdata\WebEx\WebEx\926\attp.dll
2010-05-26 05:58 . 2010-05-26 05:58 311296 ----a-w- c:\programdata\WebEx\WebEx\926\atlchat.dll
2010-05-26 05:57 . 2010-05-26 05:57 402744 ----a-w- c:\programdata\WebEx\atcliun.exe
2010-05-26 05:57 . 2010-05-26 05:57 380928 ----a-w- c:\programdata\WebEx\WebEx\926\atarm.dll
2010-05-26 05:57 . 2010-05-26 05:57 376832 ----a-w- c:\programdata\WebEx\WebEx\926\atpollk2.dll
2010-05-26 05:56 . 2010-05-26 05:56 396160 ----a-w- c:\programdata\WebEx\WebEx\926\atasctrl.dll
2010-05-26 05:55 . 2010-05-26 05:56 3563520 ----a-w- c:\programdata\WebEx\WebEx\926\pfwres.dll
2010-05-26 05:55 . 2010-05-26 05:55 458752 ----a-w- c:\programdata\WebEx\WebEx\926\atwbxui7.dll
2010-05-26 05:54 . 2010-05-26 05:54 3043328 ----a-w- c:\programdata\WebEx\WebEx\926\atres.dll
2010-05-26 05:54 . 2010-05-26 05:54 548864 ----a-w- c:\programdata\WebEx\WebEx\926\mmssl32.dll
2010-05-26 05:51 . 2010-05-26 05:51 79160 ----a-w- c:\programdata\WebEx\WebEx\926\atinst.exe
2010-05-26 05:51 . 2010-05-26 05:51 62848 ----a-w- c:\programdata\WebEx\WebEx\926\ateccli.dll
2010-05-26 05:51 . 2010-05-26 05:51 254005 ----a-w- c:\programdata\WebEx\WebEx\926\msvcrt.dll
2010-05-26 05:51 . 2010-05-26 05:51 83256 ----a-w- c:\programdata\WebEx\WebEx\926\atmgr.exe
2010-05-26 05:51 . 2010-05-26 05:51 101760 ----a-w- c:\programdata\WebEx\ieatgpc.dll
2010-05-26 05:50 . 2010-05-26 05:50 239488 ----a-w- c:\programdata\WebEx\WebEx\926\atgpcext.dll
2010-05-26 05:49 . 2010-05-26 05:49 28472 ----a-w- c:\programdata\WebEx\WebEx\926\atgpcdec.dll
2010-05-26 05:49 . 2010-05-26 05:57 -------- d-----w- c:\programdata\WebEx
2010-05-25 09:27 . 2010-05-25 09:27 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-25 09:27 . 2010-05-25 09:27 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-25 09:27 . 2010-05-25 09:27 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-25 09:27 . 2010-05-25 09:27 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-25 09:27 . 2010-05-25 09:27 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-25 09:27 . 2010-05-25 09:27 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-25 09:26 . 2010-05-25 09:26 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-25 09:25 . 2010-05-25 09:26 -------- d-----w- c:\program files\Common Files\Real
2010-05-25 09:25 . 2010-05-25 09:26 -------- d-----w- c:\program files\Real
2010-05-23 16:29 . 2010-05-25 09:13 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 16:29 . 2010-05-23 16:22 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-23 16:28 . 2010-05-24 05:29 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\DivX
2010-05-23 16:28 . 2010-05-25 09:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-23 16:24 . 2010-05-25 09:12 -------- d-----w- c:\program files\DivX
2010-05-23 16:23 . 2010-05-25 09:13 -------- d-----w- c:\programdata\DivX
2010-05-19 12:03 . 2010-05-19 12:03 -------- d-----w- c:\program files\DownloadToolz
2010-05-17 08:23 . 2010-05-17 08:23 -------- d-----w- c:\program files\MSECache
2010-05-13 08:41 . 2010-05-13 08:41 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Malwarebytes
2010-05-13 08:40 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 08:40 . 2010-05-13 08:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 08:40 . 2010-05-13 08:40 -------- d-----w- c:\programdata\Malwarebytes
2010-05-13 08:40 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 17:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-12 17:35 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-12 17:35 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-05-12 17:31 . 2010-02-18 17:36 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-12 17:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-05-12 17:30 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-12 17:26 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-12 17:24 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-05-12 17:24 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-05-12 17:24 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-12 17:24 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-12 17:24 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-05-12 17:24 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-12 17:24 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-12 17:24 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-12 17:24 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-12 17:24 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-05-12 17:24 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-05-12 17:24 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-05-12 09:45 . 2007-03-20 06:49 2781184 ----a-w- c:\users\terencemagpie\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-05-05 18:34 . 2010-05-05 18:35 -------- d-----w- c:\users\terencemagpie\funshion
2010-05-05 18:34 . 2010-05-05 18:34 -------- d-----w- c:\program files\Funshion Online
2010-05-03 01:36 . 2010-05-03 01:36 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Octoshape
2010-05-02 17:34 . 2010-05-02 17:34 -------- d-sh--w- c:\windows\ftpcache
2010-04-30 22:05 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Acapela Group
2010-04-30 22:05 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Local\Xtranormal
2010-04-30 22:02 . 2010-04-30 22:02 -------- d-----w- c:\program files\Xtranormal
2010-04-30 22:02 . 2010-04-30 22:05 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Xtranormal
2010-04-30 14:40 . 2010-04-30 14:40 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\ScrapeBox Link Checker Free Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 15:06 . 2009-09-17 01:20 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 05:56 . 2010-04-07 20:06 -------- d-----w- c:\program files\Keyword Elite 2.0
2010-05-27 09:50 . 2010-03-24 17:17 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\uTorrent
2010-05-25 09:26 . 2009-11-24 07:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-24 22:26 . 2009-12-02 08:46 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\FileZilla
2010-05-22 10:01 . 2009-09-24 12:37 57216 ----a-w- c:\users\terencemagpie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 13:51 . 2009-09-24 14:19 -------- d-----w- c:\program files\Google
2010-05-13 01:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-02 18:13 . 2009-07-20 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 14:29 . 2009-12-16 12:35 -------- d-----w- c:\program files\FlashGet
2010-04-28 15:46 . 2009-12-03 06:29 -------- d-----w- c:\program files\Maxis Broadband
2010-04-27 15:14 . 2010-04-02 13:13 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\WinFF
2010-04-27 12:03 . 2010-04-27 12:03 0 ----a-w- c:\windows\nsreg.dat
2010-04-27 11:58 . 2010-04-13 02:45 -------- d-----w- c:\programdata\Skype
2010-04-27 05:32 . 2010-04-27 05:32 105212 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-25 14:44 . 2010-04-25 14:38 -------- d-----w- c:\program files\Instant Article Wizard 2.0
2010-04-23 11:38 . 2010-04-13 02:46 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Skype
2010-04-23 11:36 . 2010-04-13 02:47 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\skypePM
2010-04-22 05:02 . 2010-03-21 16:54 -------- d-----w- c:\program files\Common Files\AOL
2010-04-21 00:11 . 2009-10-28 15:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 14:13 . 2010-04-14 14:11 -------- d-----w- c:\programdata\WinZip
2010-04-13 02:47 . 2010-04-13 02:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-07 20:11 . 2010-04-07 20:09 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-04-07 19:40 . 2010-04-07 19:40 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-04-05 21:35 . 2010-04-05 21:35 -------- d-----w- c:\program files\Traffic Travis v3
2010-04-05 21:35 . 2010-04-05 21:35 -------- d-----w- c:\users\terencemagpie\AppData\Roaming\Affilorama
2010-04-04 10:54 . 2010-04-04 10:54 -------- d-----w- c:\programdata\Micro Niche Finder
2010-04-04 10:04 . 2010-04-04 10:04 -------- d-----w- c:\program files\Micro Niche Finder
2010-04-03 08:02 . 2010-04-03 08:02 -------- d-----w- c:\program files\Playinator
2010-03-27 14:03 . 2010-03-27 14:03 65024 ----a-w- c:\windows\IFinst26.exe
2010-03-17 00:29 . 2010-03-17 00:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 00:29 . 2009-10-28 15:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 00:28 . 2009-10-28 15:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:28 . 2010-05-12 17:33 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-05-12 17:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-05-12 17:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 20:04 . 2010-03-06 20:03 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-03-06 02:34 . 2010-03-06 02:34 20 ----a-w- c:\windows\system32\pub_store.dat
2010-03-04 18:54 . 2010-05-12 17:31 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 12:02 . 2010-03-01 12:02 29926 ----a-r- c:\users\terencemagpie\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2010-03-01 12:02 . 2010-03-01 12:02 29422 ----a-r- c:\users\terencemagpie\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-07-20 10:43 . 2009-07-20 10:43 75 --sha-r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-19 1451304]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-12 450652]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-16 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2009-04-15 550184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-25 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-20 10:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^?????????.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\?????????.lnk
backup=c:\windows\pss\?????????.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^terencemagpie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^腾讯QQ.lnk]
path=c:\users\terencemagpie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\腾讯QQ.lnk
backup=c:\windows\pss\腾讯QQ.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 17:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-03-03 21:01 405639 ----a-w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Pinyin 2 Autoupdater]
2009-09-28 16:28 1009648 ----a-w- c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 10:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-13 14:39 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-839650790-1182488598-3075496029-1000]
"EnableNotificationsRef"=dword:00000002

R2 9iQ79cE79kU7m3;9iQ79cE79kU7m3;c:\windows\system32\drivers\555e555555.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a1ffb3e6\aestsrv.exe [2009-05-12 81920]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-23 58016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-08 41504]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\DRIVERS\OA012Ufd.sys [2009-03-05 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\DRIVERS\OA012Vid.sys [2009-07-07 272256]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD23
*Deregistered* - klmd23

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 14:19]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 14:19]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-{50924E06-01AF-492E-9855-FFE4755D3521}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\terencemagpie\AppData\Roaming\Mozilla\Firefox\Profiles\s6agvqip.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(119).dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-googletalk - c:\users\terencemagpie\AppData\Roaming\Google\Google Talk\googletalk.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 23:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839650790-1182488598-3075496029-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*C*O*M*@*‡V0R{\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-29 23:34:40
ComboFix-quarantined-files.txt 2010-05-29 15:34

Pre-Run: 24,887,103,488 bytes free
Post-Run: 24,820,338,688 bytes free

- - End Of File - - 792B3931913925771E47340EB1FFB744

#15
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
How are things running??

Add/Remove Programs
I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Post the contents of that file in your next reply.