Google Redirect using Firefox now IE



#1 damien2409 (Member, 11 posts)
Hello

Recently my Google search results have been redirecting to random sites when clicking on the link I want. It was only an issue with Firefox, however as a last gasp effort after trying everything else I decided to uninstall Firefox and now the redirection is happening with IE 9. I notice in the left hand bottom corner of the Explorer window where the page address is displayed while loading it changes from the site I want to www.lilbwy.net then the bogus redirect site appears. Anyway I have tried SuperAntiSpyware, HJT, Spyware Doctor, Kaspersky, TDSSKiller and many tutorials checking my hosts file, DNS settings and proxy settings. Everything appears to be normal, however I am still being redirected... I notice this in the OTL log as being suspicious, from Eastern Europe ----> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.113.40 203.21.112.40

Please Help me!




OTL logfile created on: 3/19/2011 12:30:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\damien\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 140.35 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive E: | 43.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAMIEN-PC | User Name: damien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 12:28:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Damien\Downloads\OTL.exe
PRC - [2011/03/16 18:56:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJT\HijackThis.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/06/25 12:57:52 | 000,253,952 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010/06/25 12:57:36 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/29 08:13:28 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/10/04 11:52:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/04 11:52:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/04 11:52:43 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/04 11:52:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/04 11:52:27 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/06/10 11:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/06/05 17:07:52 | 000,256,512 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/06/03 03:11:34 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/15 15:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/18 23:54:02 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2008/04/18 23:53:58 | 000,178,712 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 16:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2006/12/08 19:32:08 | 000,303,104 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 12:28:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Damien\Downloads\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/10/04 11:53:44 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/03/26 03:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UZDFNSZYMJ)
SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
SRV - File not found [On_Demand | Stopped] -- -- (LIXGQRIB)
SRV - File not found [On_Demand | Stopped] -- -- (JIZZG)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/25 12:57:36 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/04 11:52:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/04 11:52:27 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/06/10 11:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/06/05 17:07:52 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/06/03 03:06:56 | 000,112,400 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/06/03 03:06:50 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/15 15:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/18 23:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2008/01/21 12:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/12/08 19:32:08 | 000,303,104 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/01 18:04:36 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/10 17:11:44 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 20:32:28 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/10/04 11:53:43 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/04 11:53:35 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/04 11:53:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/05 17:08:44 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/06/05 17:08:42 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/06/05 17:08:40 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/06/05 17:08:38 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/15 13:29:32 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/04/28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 18:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 18:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/23 17:08:58 | 000,099,456 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bsusbser.sys -- (bsusbser)
DRV - [2008/01/21 12:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2007/06/19 13:41:04 | 000,404,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\t3.sys -- (t3) SB Xtreme Audio Notebook (Vista)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://websearch.ask...=TES002YYAU&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 08:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/02 09:47:03 | 000,000,000 | ---D | M]

[2009/08/30 15:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions
[2009/08/30 06:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/18 14:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\wofzm2pi.default\extensions
[2010/09/08 15:38:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\wofzm2pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 08:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 10:05:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/14 18:48:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/12/23 08:14:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/18 16:18:30 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Snmxlfufb] C:\Users\damien\AppData\Roaming\activeds0.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.113.40 203.21.112.40
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/26 03:16:32 | 000,000,118 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\Auto\command - "" = autorun.bat
O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\explore\Command - "" = autorun.bat
O33 - MountPoints2\{0b0b0913-035e-11e0-b2e2-9651fe74e168}\Shell - "" = AutoRun
O33 - MountPoints2\{0b0b0913-035e-11e0-b2e2-9651fe74e168}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1562fc09-7e38-11df-b90c-87a49008e7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{1562fc09-7e38-11df-b90c-87a49008e7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1562fc15-7e38-11df-b90c-87a49008e7cf}\Shell - "" = AutoRun
O33 - MountPoints2\{1562fc15-7e38-11df-b90c-87a49008e7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27ff7f51-12fd-11e0-a0bb-c341c8f80c94}\Shell - "" = AutoRun
O33 - MountPoints2\{27ff7f51-12fd-11e0-a0bb-c341c8f80c94}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/06/24 23:02:49 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{44a3248b-13a0-11e0-814d-cda06ec0411c}\Shell - "" = AutoRun
O33 - MountPoints2\{44a3248b-13a0-11e0-814d-cda06ec0411c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44a32494-13a0-11e0-814d-f8e240288411}\Shell - "" = AutoRun
O33 - MountPoints2\{44a32494-13a0-11e0-814d-f8e240288411}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5560f873-f5e8-11df-9e57-f813119a8f07}\Shell - "" = AutoRun
O33 - MountPoints2\{5560f873-f5e8-11df-9e57-f813119a8f07}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5560f8b7-f5e8-11df-9e57-caa57db6e4b3}\Shell - "" = AutoRun
O33 - MountPoints2\{5560f8b7-f5e8-11df-9e57-caa57db6e4b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5560f8b9-f5e8-11df-9e57-caa57db6e4b3}\Shell - "" = AutoRun
O33 - MountPoints2\{5560f8b9-f5e8-11df-9e57-caa57db6e4b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5560f8cf-f5e8-11df-9e57-ac04e8c9ab49}\Shell - "" = AutoRun
O33 - MountPoints2\{5560f8cf-f5e8-11df-9e57-ac04e8c9ab49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5560f8d1-f5e8-11df-9e57-ac04e8c9ab49}\Shell - "" = AutoRun
O33 - MountPoints2\{5560f8d1-f5e8-11df-9e57-ac04e8c9ab49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c61f57e-ac1d-11df-8095-da047ab5a82d}\Shell\AutoRun\command - "" = G:\wdsync.exe
O33 - MountPoints2\{7828c643-8345-11df-886c-860efc1593ca}\Shell - "" = AutoRun
O33 - MountPoints2\{7828c643-8345-11df-886c-860efc1593ca}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7ae6f6ef-f541-11df-9f1c-a345507ad0be}\Shell - "" = AutoRun
O33 - MountPoints2\{7ae6f6ef-f541-11df-9f1c-a345507ad0be}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7ae6f6fa-f541-11df-9f1c-a345507ad0be}\Shell - "" = AutoRun
O33 - MountPoints2\{7ae6f6fa-f541-11df-9f1c-a345507ad0be}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ac0b6033-ee1e-11df-933d-e405a48c171d}\Shell - "" = AutoRun
O33 - MountPoints2\{ac0b6033-ee1e-11df-933d-e405a48c171d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac84ebf0-c107-11df-8cbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ac84ebf0-c107-11df-8cbe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\QsSetup.exe
O33 - MountPoints2\{c8838a1e-0f26-11e0-b4ba-f86fbda9b70e}\Shell - "" = AutoRun
O33 - MountPoints2\{c8838a1e-0f26-11e0-b4ba-f86fbda9b70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/06/24 23:02:49 | 000,274,432 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2011/03/19 08:43:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/18 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\DriverCure
[2011/03/18 18:48:26 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\ParetoLogic
[2011/03/18 18:47:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/03/18 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/03/18 18:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/03/18 17:53:54 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.exe
[2011/03/17 17:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/17 17:43:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/03/17 06:55:36 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/03/17 06:55:36 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/03/17 06:55:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/03/17 06:49:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/03/17 06:49:03 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/03/17 06:48:40 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/03/17 06:48:40 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/03/17 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/03/17 06:48:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/03/17 06:48:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\PC Tools
[2011/03/17 06:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/16 19:27:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\EurekaLog
[2011/03/14 19:07:30 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/03/14 19:07:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/03/14 19:07:30 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/03/14 19:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/03/13 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Registry Mechanic
[2011/03/13 10:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/03/12 07:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/02/24 16:02:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/08/19 20:17:20 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/08/19 20:17:19 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/19 13:05:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job
[2011/03/19 12:46:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000UA.job
[2011/03/19 12:19:56 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/19 12:19:56 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/19 12:05:17 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 12:05:16 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 09:38:59 | 072,687,390 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/03/19 08:46:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000Core.job
[2011/03/19 08:43:20 | 000,002,047 | ---- | M] () -- C:\Users\damien\Desktop\Google Chrome.lnk
[2011/03/19 08:43:20 | 000,002,009 | ---- | M] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/19 08:13:42 | 000,000,000 | ---- | M] () -- C:\Users\damien\AppData\Local\prvlcl.dat
[2011/03/19 08:05:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011/03/19 08:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/19 08:03:48 | 2071,265,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 08:02:14 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/19 07:12:29 | 000,000,903 | ---- | M] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/19 07:06:49 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/19 07:06:49 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/19 07:06:49 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/19 06:59:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/03/19 06:59:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/03/19 06:58:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/03/19 06:50:45 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/18 18:47:41 | 000,000,862 | ---- | M] () -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/03/18 18:00:05 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/18 17:54:31 | 005,193,608 | ---- | M] (ParetoLogic Inc.) -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.exe
[2011/03/18 16:18:30 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/17 20:28:54 | 000,001,356 | ---- | M] () -- C:\Users\damien\AppData\Local\d3d9caps.dat
[2011/03/17 17:43:03 | 000,001,017 | ---- | M] () -- C:\Users\damien\Desktop\Revo Uninstaller.lnk
[2011/03/17 06:48:29 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/16 18:52:20 | 000,112,489 | ---- | M] () -- C:\Users\damien\Desktop\Silent Runners.zip
[2011/03/14 19:07:44 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/09 17:39:53 | 000,118,784 | RHS- | M] () -- C:\Users\damien\AppData\Roaming\activeds0.dll
[2011/02/28 17:57:35 | 000,000,036 | ---- | M] () -- C:\Users\damien\AppData\Local\housecall.guid.cache
[2011/02/28 06:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2011/02/26 08:00:00 | 000,138,752 | ---- | M] () -- C:\Users\damien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 08:43:20 | 000,002,047 | ---- | C] () -- C:\Users\damien\Desktop\Google Chrome.lnk
[2011/03/19 08:43:20 | 000,002,009 | ---- | C] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/19 08:41:04 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000UA.job
[2011/03/19 08:41:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000Core.job
[2011/03/19 07:12:29 | 000,000,909 | ---- | C] () -- C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/19 06:58:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/18 18:49:09 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/18 18:47:41 | 000,000,862 | ---- | C] () -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/03/18 18:47:40 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/18 18:47:36 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/18 18:47:33 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/17 20:33:34 | 2071,265,280 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/17 17:43:03 | 000,001,017 | ---- | C] () -- C:\Users\damien\Desktop\Revo Uninstaller.lnk
[2011/03/17 06:55:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/17 06:55:37 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/03/17 06:55:37 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/03/17 06:55:36 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/03/17 06:55:36 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/03/17 06:49:03 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/03/17 06:48:40 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/03/17 06:48:40 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/03/17 06:48:29 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/17 06:48:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/03/16 18:52:19 | 000,112,489 | ---- | C] () -- C:\Users\damien\Desktop\Silent Runners.zip
[2011/03/14 19:07:44 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/14 19:07:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/03/09 17:39:53 | 000,118,784 | RHS- | C] () -- C:\Users\Damien\AppData\Roaming\activeds0.dll
[2011/02/28 17:57:35 | 000,000,036 | ---- | C] () -- C:\Users\Damien\AppData\Local\housecall.guid.cache
[2011/02/24 15:56:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 15:56:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 15:56:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/01/26 09:04:04 | 000,001,554 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\dvdae.config
[2010/11/02 18:12:45 | 000,000,934 | ---- | C] () -- C:\Windows\WirelessCard.INI
[2010/10/10 18:19:56 | 000,000,000 | ---- | C] () -- C:\Users\Damien\AppData\Local\prvlcl.dat
[2010/09/19 13:19:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/19 13:11:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/09/19 13:06:59 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/08/23 19:18:05 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/08/23 19:18:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/08/23 19:18:05 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/08/23 19:18:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/08/23 19:18:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/07/20 18:05:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/20 18:05:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/20 18:05:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/20 18:05:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/20 18:05:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/21 18:05:34 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/01/26 08:01:12 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/22 15:02:12 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/12/14 13:15:38 | 000,000,289 | ---- | C] () -- C:\Windows\EReg077.dat
[2009/12/14 13:15:22 | 000,000,730 | ---- | C] () -- C:\Windows\E-REGTLC.INI
[2009/12/14 13:14:59 | 000,000,072 | ---- | C] () -- C:\Windows\HGSPEECH.INI
[2009/12/14 13:14:21 | 000,000,090 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2009/11/01 14:52:51 | 000,000,239 | ---- | C] () -- C:\Windows\ULead32.ini
[2009/11/01 14:52:11 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
[2009/10/31 17:26:02 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/20 21:02:57 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2009/10/07 09:14:27 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/27 08:08:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/27 08:08:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 08:07:21 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/10 20:06:39 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/09/10 20:06:39 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/09/10 20:06:39 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/09/10 20:06:39 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/09/10 20:06:39 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/09/05 11:17:37 | 000,004,472 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2009/09/05 11:17:25 | 000,000,049 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/09/05 11:17:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\t3.ini
[2009/09/05 11:16:51 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/09/05 11:16:51 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/09/05 11:16:51 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/09/05 11:16:50 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/09/05 11:16:50 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/09/05 11:16:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2009/09/05 11:16:49 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2009/09/05 11:16:49 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/09/05 11:16:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2009/09/05 11:16:30 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/09/05 11:16:30 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/08/30 15:29:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/30 15:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/19 20:17:19 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/08/19 20:17:19 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/08/19 20:17:19 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/08/19 20:16:52 | 000,000,571 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009/08/19 20:11:52 | 002,144,744 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/19 20:11:52 | 000,469,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/19 20:11:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1488.dll
[2009/08/19 20:11:52 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/08/19 20:11:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/08/11 20:02:46 | 000,000,552 | ---- | C] () -- C:\Users\Damien\AppData\Local\d3d8caps.dat
[2009/08/11 18:15:50 | 000,138,752 | ---- | C] () -- C:\Users\Damien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/11 18:09:49 | 000,001,356 | ---- | C] () -- C:\Users\Damien\AppData\Local\d3d9caps.dat
[2009/03/25 03:20:00 | 000,004,268 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/05 17:08:38 | 000,109,184 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2006/11/02 22:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:43 | 000,374,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/04/04 13:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/06 13:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/03/16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\BitZipper
[2010/01/28 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Blitware
[2011/03/18 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DriverCure
[2011/03/16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\EurekaLog
[2009/11/10 10:14:52 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Foxit
[2009/11/13 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Foxit Software
[2011/02/23 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\FrostWire
[2010/07/11 14:17:32 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Haenlein-Software
[2009/08/19 20:19:11 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Hewlett Packard
[2009/10/05 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\IrfanView
[2010/12/11 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Leawo
[2010/11/03 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\LimeWire
[2009/11/10 11:17:31 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Mobipocket
[2010/12/11 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Moyea
[2009/12/02 10:09:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Nokia
[2011/03/18 18:48:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ParetoLogic
[2011/02/19 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PC Suite
[2009/10/20 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PowerCinema
[2011/03/13 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Registry Mechanic
[2010/11/22 16:54:01 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ScanSoft
[2010/03/17 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Trusteer
[2010/12/30 08:05:53 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vodafone
[2011/02/28 06:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\File Helper.job
[2011/03/18 18:00:05 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/03/19 07:06:49 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/03/19 07:06:49 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/03/19 07:06:49 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/03/19 06:50:45 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/03/19 08:05:45 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/03/19 08:02:06 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/19 13:05:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E4EA859B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

OTL Extras logfile created on: 3/19/2011 12:30:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\damien\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 140.35 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive E: | 43.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAMIEN-PC | User Name: damien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2A4EF6-83EA-49A7-B9A6-653D91E0C257}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46BF1450-8EC7-4F25-9B28-F1AC5B244B6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{535F7518-C5FE-42FD-AA52-4929E589A957}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{62BA0AD9-9A3F-4423-A163-B498995ED33A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EC63301-98A9-4D36-9058-4F1EDB42FCB8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7EF056F4-EF01-472B-8E63-E4AAA06C1DF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7F36F3A7-5126-4A8A-9C2C-10A5A3FE9EAB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8AC3CEA3-5CB1-407A-83DF-2B376CFD9D2D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B8AB8FF4-CC6C-4993-9CEC-67A2305232BA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CCD81FBE-465C-45C5-BCF8-F378E46645C6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E24E64ED-C474-47F0-90F0-B2E8284F793C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0091C7F0-0D5B-483F-AE85-1C1FDB095097}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0283AC21-A194-42CD-B2EB-6EBE948A4EBB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{20878A73-189F-45B5-A3F2-A88416EF7C69}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{38C24F28-4EAE-48AC-A263-D8E578E53A9F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CCBD658-C37E-4B1B-B6B9-C4D999EE2759}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{476A53A1-D845-4969-B373-F4DC52F994B4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56EBFAD4-DCBB-4F49-A51F-2DA784D3B52F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CBD916B-3C53-46FC-98D8-ADAEFAF8BB98}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{73DEA1C0-3E60-4590-A89A-53886A912AAD}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7693C4F0-FED8-41A2-9230-12EBAC511DDF}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{7F48E5FD-D1C3-4657-95DD-46E9CE5BBC30}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{83869021-8BB0-468A-BC54-220EC5509A85}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{90AD9901-B48C-4D2C-9F2C-2FA6FF5450CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{913990E3-7072-43BC-ACA1-D66E708D015B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9524BEA4-F504-416A-854F-F56B30125AA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{996BA073-63EB-49E4-AAD3-FEF720F2AC44}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CCAD231-1F73-439E-ABFB-B6729E2DCD13}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A428507D-7B33-4120-90CE-2CFEF52ED22A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{AF9E6200-2A3B-4C68-8D34-2215201BB74B}" = protocol=6 | dir=in | app=c:\users\damien\appdata\local\temp\~os6b5.tmp\rlvknlg.exe |
"{B4B1F23B-0DDE-4CF2-B8B2-87B078F3FCB4}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{B7E22415-963A-4D89-9A8B-B2AD674E47AE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BFB90F0F-DF63-46CB-892A-CF3E06E6AB44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BFC67805-74D1-4AB1-9276-571BEE675335}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{C4CD4F83-B476-4FA3-8CA4-815E53359626}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D30D52FE-896A-42C3-A4CB-DB6C2FF299B3}" = protocol=6 | dir=in | app=c:\users\claire\appdata\local\temp\~os63b.tmp\rlvknlg.exe |
"{D55C81E2-7709-4DC1-8627-53D8D9E73D4D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D6AD147B-5650-44C7-A797-65A1F35E0408}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{DCD08101-4D9C-4251-8826-D519CB2358DF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{EA952978-AD5F-4DD2-A3C3-809A498E1760}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B8CF9CA7-84DA-4AEA-961B-5CE1994CDED6}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{D3BA343B-F7FE-41D1-B220-75735840202A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ECDC4F55-C7C5-4692-A6C1-ADFC7721049C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0F00A97B-88FF-4FBC-86CE-E3D4E1BBEF2E}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{BC5CB2BF-B864-4A35-A0B7-28D39857E546}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C963A39C-5B1B-4BB5-ADB5-0226791D97C3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395AB8C5-F3A8-4380-8718-7A11EC5829F1}" = GRLmobile Broadband
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48DC0314-8310-4D35-B52D-878B5255F26A}" = HP JavaCard for HP ProtectTools
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55CABB2F-4513-4FF1-B912-B45F93FC5B01}" = AuthenTec Fingerprint Sensor Minimum Install
"{583C712B-884A-424A-9DAC-F169C73FB275}" = Credential Manager for HP ProtectTools
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 1.1.0.10
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{819F6BAD-35DA-4094-BCE6-F57AACE116D1}" = ESU for Microsoft Vista SP1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A88F2CDC-E615-4C3E-BD14-0936B59F8481}" = Sound Blaster X-Fi
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B566F2E8-FCC6-4DDA-9C51-FA34681E196D}" = Swiftebook
"{BD60F72D-3F1F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43F0316-CAA1-45C3-AAA7-B2E52D7AE8CA}" = HP ProtectTools Security Manager
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FB05CD66-D5EC-4B2A-8C6C-D434133323F4}" = Drive Encryption for HP ProtectTools
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99461}" = AuthenTec Fingerprint System
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AudioCS" = Creative Audio Console
"AVG8Uninstall" = AVG Free 8.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BitZipper_is1" = BitZipper 2010
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DVD Audio Extractor_is1" = DVD Audio Extractor 5.2.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"FrostWire" = FrostWire 4.21.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{B566F2E8-FCC6-4DDA-9C51-FA34681E196D}" = Swiftebook
"JETSE.EXE" = Spanish for Everyone
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia PC Suite" = Nokia PC Suite
"Optus Wireless Broadband" = Optus Wireless Broadband
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Revo Uninstaller" = Revo Uninstaller 1.91
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"WinLiveSuite" = Windows Live Essentials
"YouTubeRobot_is1" = YouTube Robot 3.8.2009.921

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 11:51:19 PM | Computer Name = damien-PC | Source = Application Error | ID = 1000
Description = Faulting application Optus Wireless Broadband.exe, version 1.0.0.1,
time stamp 0x49152ef7, faulting module atcomm.dll_unloaded, version 0.0.0.0, time
stamp 0x49153534, exception code 0xc0000005, fault offset 0x021cae76, process id
0x22c4, application start time 0x01cb2ac3abddf2f0.

Error - 7/24/2010 6:04:29 PM | Computer Name = damien-PC | Source = RasClient | ID = 20227
Description =

Error - 7/25/2010 6:18:25 AM | Computer Name = damien-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module AcroRd32.dll, version 8.1.3.187, time stamp 0x48f5acd6, exception
code 0xc0000005, fault offset 0x000931c3, process id 0x4b5c, application start time
0x01cb2be29b582700.

Error - 7/26/2010 3:34:46 AM | Computer Name = damien-PC | Source = Application Error | ID = 1000
Description = Faulting application 1stpage.exe, version 3.0.0.0, time stamp 0x2a425e19,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x12df4, application start time
0x01cb2c94f545ded0.

Error - 7/27/2010 3:41:37 PM | Computer Name = damien-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2010 3:43:20 PM | Computer Name = damien-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 7/27/2010 4:36:27 PM | Computer Name = damien-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2010 4:37:13 PM | Computer Name = damien-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 7/28/2010 2:54:28 AM | Computer Name = damien-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2010 2:55:22 AM | Computer Name = damien-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

[ System Events ]
Error - 3/18/2011 4:54:25 PM | Computer Name = damien-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 120.17.235.143
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 3/18/2011 5:01:12 PM | Computer Name = damien-PC | Source = DCOM | ID = 10010
Description =

Error - 3/18/2011 5:07:50 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/18/2011 5:32:21 PM | Computer Name = damien-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 120.17.178.248 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.17.54.81 (The DHCP
Server sent a DHCPNACK message).

Error - 3/18/2011 5:32:21 PM | Computer Name = damien-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 120.17.178.248
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 3/18/2011 6:06:25 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 3/18/2011 6:07:06 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/18/2011 6:07:08 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/18/2011 6:07:40 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 3/18/2011 9:51:16 PM | Computer Name = damien-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#2
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

I notice this in the OTL log as being suspicious from Eastern Europe ----> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.113.40 203.21.112.40

That's Hutchinson Telecoms in Australia - does that sound right?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (UZDFNSZYMJ)
    SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
    SRV - File not found [On_Demand | Stopped] -- -- (LIXGQRIB)
    SRV - File not found [On_Demand | Stopped] -- -- (JIZZG)
    O4 - HKLM..\Run: [] File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\Auto\command - "" = autorun.bat
    O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
    O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\explore\Command - "" = autorun.bat
    O33 - MountPoints2\{0b0b0913-035e-11e0-b2e2-9651fe74e168}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b0b0913-035e-11e0-b2e2-9651fe74e168}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{1562fc09-7e38-11df-b90c-87a49008e7cf}\Shell - "" = AutoRun
    O33 - MountPoints2\{1562fc09-7e38-11df-b90c-87a49008e7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{1562fc15-7e38-11df-b90c-87a49008e7cf}\Shell - "" = AutoRun
    O33 - MountPoints2\{1562fc15-7e38-11df-b90c-87a49008e7cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{27ff7f51-12fd-11e0-a0bb-c341c8f80c94}\Shell - "" = AutoRun
    O33 - MountPoints2\{27ff7f51-12fd-11e0-a0bb-c341c8f80c94}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/06/24 23:02:49 | 000,274,432 | R--- | M] (Vodafone)
    O33 - MountPoints2\{44a3248b-13a0-11e0-814d-cda06ec0411c}\Shell - "" = AutoRun
    O33 - MountPoints2\{44a3248b-13a0-11e0-814d-cda06ec0411c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{44a32494-13a0-11e0-814d-f8e240288411}\Shell - "" = AutoRun
    O33 - MountPoints2\{44a32494-13a0-11e0-814d-f8e240288411}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5560f873-f5e8-11df-9e57-f813119a8f07}\Shell - "" = AutoRun
    O33 - MountPoints2\{5560f873-f5e8-11df-9e57-f813119a8f07}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5560f8b7-f5e8-11df-9e57-caa57db6e4b3}\Shell - "" = AutoRun
    O33 - MountPoints2\{5560f8b7-f5e8-11df-9e57-caa57db6e4b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5560f8b9-f5e8-11df-9e57-caa57db6e4b3}\Shell - "" = AutoRun
    O33 - MountPoints2\{5560f8b9-f5e8-11df-9e57-caa57db6e4b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5560f8cf-f5e8-11df-9e57-ac04e8c9ab49}\Shell - "" = AutoRun
    O33 - MountPoints2\{5560f8cf-f5e8-11df-9e57-ac04e8c9ab49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5560f8d1-f5e8-11df-9e57-ac04e8c9ab49}\Shell - "" = AutoRun
    O33 - MountPoints2\{5560f8d1-f5e8-11df-9e57-ac04e8c9ab49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{6c61f57e-ac1d-11df-8095-da047ab5a82d}\Shell\AutoRun\command - "" = G:\wdsync.exe
    O33 - MountPoints2\{7828c643-8345-11df-886c-860efc1593ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{7828c643-8345-11df-886c-860efc1593ca}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{7ae6f6ef-f541-11df-9f1c-a345507ad0be}\Shell - "" = AutoRun
    O33 - MountPoints2\{7ae6f6ef-f541-11df-9f1c-a345507ad0be}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{7ae6f6fa-f541-11df-9f1c-a345507ad0be}\Shell - "" = AutoRun
    O33 - MountPoints2\{7ae6f6fa-f541-11df-9f1c-a345507ad0be}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{ac0b6033-ee1e-11df-933d-e405a48c171d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac0b6033-ee1e-11df-933d-e405a48c171d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{ac84ebf0-c107-11df-8cbe-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac84ebf0-c107-11df-8cbe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\QsSetup.exe
    O33 - MountPoints2\{c8838a1e-0f26-11e0-b4ba-f86fbda9b70e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8838a1e-0f26-11e0-b4ba-f86fbda9b70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/06/24 23:02:49 | 000,274,432 | R--- | M] (Vodafone)
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

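For readers wondering how the lines in the fix above were picked out of a log this long, here is an added example (mine, not OTL's code and not part of azarl's fix script) that pattern-matches the four OTL line shapes involved: the O17 DhcpNameServer entry, SRV entries whose binary is missing, an O4 Run value with no name and no file, and O33 MountPoints2 autorun commands cached from removable drives. The sample log is constructed from lines quoted in this thread plus one healthy SRV line for contrast; the function and field names are my own. It only reports, it removes nothing; on this page the removal is done by OTL's Run Fix.

```python
"""Triage helper for OTL log lines (added example; not part of OTL)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines in the same shape as those quoted in this thread
# (the GUID, paths and resolver IPs come from the thread), plus one healthy
# SRV line so the reader can see what is NOT flagged.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.113.40 203.21.112.40
SRV - File not found [On_Demand | Stopped] -- -- (UZDFNSZYMJ)
SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
SRV - [2009/10/04 11:52:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{0af4289b-dd9a-11de-b39a-001f29a885cc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
O33 - MountPoints2\{0b0b0913-035e-11e0-b2e2-9651fe74e168}\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/06/24 23:02:49 | 000,274,432 | R--- | M] (Vodafone)
"""

# A service registration whose binary no longer exists: leftover of removed
# malware or of a sloppy uninstall; either way it cannot run and should go.
ORPHAN_SVC = re.compile(r"^SRV - File not found \[([^\]]+)\] -- -- \((.+)\)$")
# Run key value with an empty name and no file behind it.
EMPTY_RUN = re.compile(r"^O4 - (.+?): \[\] File not found$")
# Cached shell verb for a volume: the command Explorer runs on open/autorun.
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\(?:AutoRun|Auto|explore)\\[Cc]ommand - "" = (.+)$')
# Resolver list handed out by DHCP; hijacked resolvers are one cause of
# search-result redirects, so the servers must be checked against the ISP's.
DHCP_NS = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    category: str
    detail: str
    note: str
    line: str


def triage(log_text, expected_resolvers=()):
    """Return the entries a reviewer would look at first, in log order.

    expected_resolvers: DNS servers known to belong to the user's ISP. When
    given, an O17 line that lists only those servers is not reported.
    """
    expected = set(expected_resolvers)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ORPHAN_SVC.match(line):
            findings.append(Finding("orphaned_service", m.group(2),
                                    "registered as [%s]; binary missing" % m.group(1), line))
        elif m := EMPTY_RUN.match(line):
            findings.append(Finding("empty_run_entry", m.group(1),
                                    "Run value with empty name and no file", line))
        elif m := MOUNTPOINT_CMD.match(line):
            # OTL appends " -- [date | size | attrs] (Company)" when the file exists; drop it.
            command = m.group(2).split(" -- [")[0].strip()
            note = "absolute executable path"
            if command.lower().endswith((".bat", ".cmd", ".vbs")) or not DRIVE_PREFIX.match(command):
                note = "script or relative path: resolved against whichever volume presents the autorun"
            findings.append(Finding("mountpoint_autorun", command, note, line))
        elif m := DHCP_NS.match(line):
            servers = m.group(1).split()
            unexpected = [s for s in servers if s not in expected]
            if not expected or unexpected:
                findings.append(Finding("dhcp_nameserver", " ".join(servers),
                                        "confirm these resolvers belong to your ISP", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.detail}  [{f.note}]")
```

Passing the ISP's real resolver addresses as `expected_resolvers` is what turns the O17 line from "suspicious-looking" into a checked fact, which is the question azarl asked the poster; the MountPoints2 entries are reported regardless, because they are stale per-volume cache and OTL's fix above clears them all.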

#3
damien2409

damien2409

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi azarl,

Thanks for your help mate. Hutchinsons telecoms seems right.... Anyway here is the new log after following your directions.


OTL logfile created on: 3/20/2011 11:34:21 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\damien\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 140.50 Gb Free Space | 60.33% Space Free | Partition Type: NTFS
Drive E: | 43.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAMIEN-PC | User Name: damien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 12:28:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Damien\Downloads\OTL.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/06/25 12:57:52 | 000,253,952 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010/06/25 12:57:36 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/04 11:52:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/04 11:52:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/04 11:52:43 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/04 11:52:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/04 11:52:27 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/06/10 11:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/06/05 17:07:52 | 000,256,512 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/06/03 03:11:34 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/15 15:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/18 23:54:02 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2008/04/18 23:53:58 | 000,178,712 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2008/03/31 14:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 16:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2006/12/08 19:32:08 | 000,303,104 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 12:28:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Damien\Downloads\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/10/04 11:53:44 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/03/26 03:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/25 12:57:36 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/04 11:52:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/04 11:52:27 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 21:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/06/10 11:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/06/05 17:07:52 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/06/03 03:06:56 | 000,112,400 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/06/03 03:06:50 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/15 15:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/18 23:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2008/01/21 12:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/12/08 19:32:08 | 000,303,104 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/01 18:04:36 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/10 17:11:44 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/30 20:32:28 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/04/30 20:32:28 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/10/04 11:53:43 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/04 11:53:35 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/04 11:53:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/05 17:08:44 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/06/05 17:08:42 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/06/05 17:08:40 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/06/05 17:08:38 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/15 13:29:32 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/04/28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 18:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 18:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/23 17:08:58 | 000,099,456 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bsusbser.sys -- (bsusbser)
DRV - [2008/01/21 12:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2007/06/19 13:41:04 | 000,404,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t3.sys -- (t3) SB Xtreme Audio Notebook (Vista)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://websearch.ask...=TES002YYAU&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 08:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/02 09:47:03 | 000,000,000 | ---D | M]

[2009/08/30 15:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions
[2009/08/30 06:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/18 14:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\wofzm2pi.default\extensions
[2010/09/08 15:38:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\wofzm2pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 08:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 10:05:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/14 18:48:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/12/23 08:14:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/18 16:18:30 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Snmxlfufb] C:\Users\damien\AppData\Roaming\activeds0.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.113.40 203.21.112.40
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (APSHook.dll) - APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/26 03:16:32 | 000,000,118 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 11:09:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/19 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2011/03/19 08:43:10 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/18 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\DriverCure
[2011/03/18 18:48:26 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\ParetoLogic
[2011/03/18 18:47:41 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/03/18 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/03/18 18:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/03/18 17:53:54 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.exe
[2011/03/17 17:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/17 17:43:02 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/03/17 06:55:36 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/03/17 06:55:36 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/03/17 06:55:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/03/17 06:49:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/03/17 06:49:03 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/03/17 06:48:40 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/03/17 06:48:40 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/03/17 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/03/17 06:48:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/03/17 06:48:12 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\PC Tools
[2011/03/17 06:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/16 19:27:57 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\EurekaLog
[2011/03/14 19:07:30 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/03/14 19:07:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/03/14 19:07:30 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/03/14 19:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/03/13 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Damien\AppData\Roaming\Registry Mechanic
[2011/03/13 10:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/03/12 07:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/02/24 16:02:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/08/19 20:17:20 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/08/19 20:17:19 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/03/20 11:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job
[2011/03/20 11:46:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000UA.job
[2011/03/20 11:31:38 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/20 11:31:38 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/20 11:25:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011/03/20 11:24:54 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 11:24:54 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 11:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 11:24:14 | 2073,321,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/20 11:22:29 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/19 14:14:01 | 000,000,000 | ---- | M] () -- C:\Users\damien\AppData\Local\prvlcl.dat
[2011/03/19 09:38:59 | 072,687,390 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/03/19 08:46:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000Core.job
[2011/03/19 08:43:20 | 000,002,047 | ---- | M] () -- C:\Users\damien\Desktop\Google Chrome.lnk
[2011/03/19 08:43:20 | 000,002,009 | ---- | M] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/19 07:12:29 | 000,000,903 | ---- | M] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/19 07:06:49 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/19 07:06:49 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/19 07:06:49 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/19 06:59:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/03/19 06:59:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/03/19 06:58:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/03/19 06:50:45 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/18 18:47:41 | 000,000,862 | ---- | M] () -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/03/18 18:00:05 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/18 17:54:31 | 005,193,608 | ---- | M] (ParetoLogic Inc.) -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.exe
[2011/03/18 16:18:30 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/17 20:28:54 | 000,001,356 | ---- | M] () -- C:\Users\damien\AppData\Local\d3d9caps.dat
[2011/03/17 17:43:03 | 000,001,017 | ---- | M] () -- C:\Users\damien\Desktop\Revo Uninstaller.lnk
[2011/03/17 06:48:29 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/16 18:52:20 | 000,112,489 | ---- | M] () -- C:\Users\damien\Desktop\Silent Runners.zip
[2011/03/14 19:07:44 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/09 17:39:53 | 000,118,784 | RHS- | M] () -- C:\Users\damien\AppData\Roaming\activeds0.dll
[2011/02/28 17:57:35 | 000,000,036 | ---- | M] () -- C:\Users\damien\AppData\Local\housecall.guid.cache
[2011/02/28 06:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2011/02/26 08:00:00 | 000,138,752 | ---- | M] () -- C:\Users\damien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/03/19 08:43:20 | 000,002,047 | ---- | C] () -- C:\Users\damien\Desktop\Google Chrome.lnk
[2011/03/19 08:43:20 | 000,002,009 | ---- | C] () -- C:\Users\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/19 08:41:04 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000UA.job
[2011/03/19 08:41:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000Core.job
[2011/03/19 07:12:29 | 000,000,909 | ---- | C] () -- C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/19 06:58:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/18 18:49:09 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/03/18 18:47:41 | 000,000,862 | ---- | C] () -- C:\Users\damien\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/03/18 18:47:40 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/03/18 18:47:36 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/03/18 18:47:33 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/03/17 20:33:34 | 2073,321,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/17 17:43:03 | 000,001,017 | ---- | C] () -- C:\Users\damien\Desktop\Revo Uninstaller.lnk
[2011/03/17 06:55:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/17 06:55:37 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/03/17 06:55:37 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/03/17 06:55:36 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/03/17 06:55:36 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/03/17 06:49:03 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/03/17 06:48:40 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/03/17 06:48:40 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/03/17 06:48:29 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/17 06:48:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/03/16 18:52:19 | 000,112,489 | ---- | C] () -- C:\Users\damien\Desktop\Silent Runners.zip
[2011/03/14 19:07:44 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/14 19:07:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/03/09 17:39:53 | 000,118,784 | RHS- | C] () -- C:\Users\Damien\AppData\Roaming\activeds0.dll
[2011/02/28 17:57:35 | 000,000,036 | ---- | C] () -- C:\Users\Damien\AppData\Local\housecall.guid.cache
[2011/02/24 15:56:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 15:56:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 15:56:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/01/26 09:04:04 | 000,001,554 | ---- | C] () -- C:\Users\Damien\AppData\Roaming\dvdae.config
[2010/11/02 18:12:45 | 000,000,934 | ---- | C] () -- C:\Windows\WirelessCard.INI
[2010/10/10 18:19:56 | 000,000,000 | ---- | C] () -- C:\Users\Damien\AppData\Local\prvlcl.dat
[2010/09/19 13:19:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/19 13:11:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/09/19 13:06:59 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/08/23 19:18:05 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/08/23 19:18:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/08/23 19:18:05 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/08/23 19:18:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/08/23 19:18:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/07/20 18:05:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/20 18:05:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/20 18:05:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/20 18:05:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/20 18:05:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/21 18:05:34 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/01/26 08:01:12 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/22 15:02:12 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/12/14 13:15:38 | 000,000,289 | ---- | C] () -- C:\Windows\EReg077.dat
[2009/12/14 13:15:22 | 000,000,730 | ---- | C] () -- C:\Windows\E-REGTLC.INI
[2009/12/14 13:14:59 | 000,000,072 | ---- | C] () -- C:\Windows\HGSPEECH.INI
[2009/12/14 13:14:21 | 000,000,090 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2009/11/01 14:52:51 | 000,000,239 | ---- | C] () -- C:\Windows\ULead32.ini
[2009/11/01 14:52:11 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
[2009/10/31 17:26:02 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/20 21:02:57 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2009/10/07 09:14:27 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/27 08:08:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/27 08:08:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 08:07:21 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/10 20:06:39 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/09/10 20:06:39 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/09/10 20:06:39 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/09/10 20:06:39 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/09/10 20:06:39 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/09/10 20:06:39 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/09/10 20:06:39 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/09/05 11:17:37 | 000,004,472 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2009/09/05 11:17:25 | 000,000,049 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/09/05 11:17:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\t3.ini
[2009/09/05 11:16:51 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/09/05 11:16:51 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/09/05 11:16:51 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/09/05 11:16:51 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2009/09/05 11:16:51 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/09/05 11:16:50 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/09/05 11:16:50 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/09/05 11:16:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2009/09/05 11:16:49 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2009/09/05 11:16:49 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/09/05 11:16:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2009/09/05 11:16:30 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/09/05 11:16:30 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/08/30 15:29:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/30 15:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/19 20:17:19 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/08/19 20:17:19 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/08/19 20:17:19 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/08/19 20:16:52 | 000,000,571 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009/08/19 20:11:52 | 002,144,744 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/19 20:11:52 | 000,469,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/19 20:11:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1488.dll
[2009/08/19 20:11:52 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/08/19 20:11:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/08/11 20:02:46 | 000,000,552 | ---- | C] () -- C:\Users\Damien\AppData\Local\d3d8caps.dat
[2009/08/11 18:15:50 | 000,138,752 | ---- | C] () -- C:\Users\Damien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/11 18:09:49 | 000,001,356 | ---- | C] () -- C:\Users\Damien\AppData\Local\d3d9caps.dat
[2009/03/25 03:20:00 | 000,004,268 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/05 17:08:38 | 000,109,184 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2006/11/02 22:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:43 | 000,374,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/04/04 13:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/06 13:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/03/16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\BitZipper
[2010/01/28 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Blitware
[2011/03/18 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\DriverCure
[2011/03/16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\EurekaLog
[2009/11/10 10:14:52 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Foxit
[2009/11/13 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Foxit Software
[2011/02/23 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\FrostWire
[2010/07/11 14:17:32 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Haenlein-Software
[2009/08/19 20:19:11 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Hewlett Packard
[2009/10/05 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\IrfanView
[2010/12/11 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Leawo
[2010/11/03 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\LimeWire
[2009/11/10 11:17:31 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Mobipocket
[2010/12/11 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Moyea
[2009/12/02 10:09:58 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Nokia
[2011/03/18 18:48:26 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ParetoLogic
[2011/02/19 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PC Suite
[2009/10/20 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\PowerCinema
[2011/03/13 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Registry Mechanic
[2010/11/22 16:54:01 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\ScanSoft
[2010/03/17 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Trusteer
[2010/12/30 08:05:53 | 000,000,000 | ---D | M] -- C:\Users\Damien\AppData\Roaming\Vodafone
[2011/02/28 06:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\File Helper.job
[2011/03/18 18:00:05 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/03/19 07:06:49 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/03/19 07:06:49 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/03/19 07:06:49 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/03/19 06:50:45 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/03/20 11:25:45 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/03/20 11:22:30 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/20 11:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E4EA859B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

#4
azarl
    GeekU Admin
  • Community Leader
  • 25,310 posts
Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#5
damien2409
    Member
  • Topic Starter
  • 11 posts
Hi Azarl,

Tried running the scan and the computer became unstable and froze (blue screen). Everything is running diabolically slow after I rebooted (Windows Explorer, reboot, programs etc.). Windows has stopped recognizing USB devices unless I have them plugged in before rebooting. Coincidence perhaps?
Anyway, finally got the scan done.



aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-21 14:17:51
-----------------------------
14:17:51.362 OS Version: Windows 6.0.6002 Service Pack 2
14:17:51.362 Number of processors: 2 586 0x1706
14:17:51.367 ComputerName: DAMIEN-PC UserName: damien
14:18:04.315 Initialize success
14:18:07.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:18:07.160 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
14:18:07.181 Disk 0 MBR read successfully
14:18:07.187 Disk 0 MBR scan
14:18:07.197 Disk 0 scanning sectors +488394752
14:18:07.273 Disk 0 scanning C:\Windows\system32\drivers
14:18:32.607 Service scanning
14:18:38.599 Disk 0 trace - called modules:
14:18:38.609
14:18:38.618 Scan finished successfully

#6
azarl
    GeekU Admin
  • Community Leader
  • 25,310 posts
How's it seem? Have the redirects stopped?

#7
damien2409
    Member
  • Topic Starter
  • 11 posts
Redirects still happening with IE but not Google Chrome... can't get rid of the pop-up window in IE for global card host? Computer still running very slow.

#8
NeonFx
    Malware Removal Dude
  • Expert
  • 3,798 posts
Hi damien,

Azarl is indisposed for the next few days, so I'll be taking over for him. I haven't had a chance to review your logs yet, but let's see if we can get this tool running:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



If you cannot run this tool for any reason, please let me know and we'll see what we can do.

#9
damien2409
    Member
  • Topic Starter
  • 11 posts
Hi Neo,

Here is the log mate.


ComboFix 11-03-22.09 - damien 03/23/2011 20:34:54.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1976.648 [GMT 10:00]
Running from: c:\users\damien\Downloads\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\damien\AppData\Roaming\EurekaLog
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 10:51 . 2011-03-23 10:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-03-23 10:51 . 2011-03-23 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 10:51 . 2011-03-23 10:51 -------- d-----w- c:\users\Claire\AppData\Local\temp
2011-03-23 05:49 . 2011-03-23 05:49 -------- d-----w- c:\users\damien\AppData\Local\{69BF1FF2-78AA-48EF-B9CA-2DB95FF021DE}
2011-03-22 06:21 . 2011-03-22 06:21 -------- d-----w- c:\users\damien\AppData\Local\{EBECF096-B067-43A9-83C4-CE208B1699B6}
2011-03-21 06:38 . 2011-03-21 06:39 -------- d-----w- c:\users\damien\AppData\Local\{780469A9-8B46-492B-8C0D-9E4372A67B36}
2011-03-21 06:05 . 2011-03-21 06:05 -------- d-----w- c:\windows\en
2011-03-21 05:53 . 2011-03-22 19:54 -------- d-----w- c:\program files\Microsoft
2011-03-21 05:50 . 2011-03-21 05:50 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\ce33864f1cbe78b0b\InstallManager_WLE_WLE.exe
2011-03-21 05:48 . 2011-03-21 05:48 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9f1688e41cbe78b0a\MeshBetaRemover.exe
2011-03-20 01:09 . 2011-03-20 01:09 -------- d-----w- C:\_OTL
2011-03-19 01:44 . 2011-03-19 01:45 -------- d-----w- c:\program files\HJT
2011-03-18 08:48 . 2011-03-18 08:48 -------- d-----w- c:\users\damien\AppData\Roaming\DriverCure
2011-03-18 08:48 . 2011-03-18 08:48 -------- d-----w- c:\users\damien\AppData\Roaming\ParetoLogic
2011-03-18 08:47 . 2011-03-18 08:47 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-03-18 08:47 . 2011-03-18 08:47 -------- d-----w- c:\program files\ParetoLogic
2011-03-17 07:43 . 2011-03-17 07:43 -------- d-----w- c:\program files\VS Revo Group
2011-03-16 20:55 . 2010-01-27 03:51 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-16 20:55 . 2010-01-21 22:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-16 20:55 . 2010-01-21 22:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-03-16 20:55 . 2010-01-21 22:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-03-16 20:49 . 2010-02-04 23:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-16 20:49 . 2010-02-04 23:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-16 20:48 . 2010-03-29 00:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-16 20:48 . 2009-11-23 03:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-16 20:48 . 2010-04-08 04:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-16 20:48 . 2011-03-16 20:48 -------- d-----w- c:\users\damien\AppData\Roaming\PC Tools
2011-03-16 20:48 . 2011-03-16 20:48 -------- d-----w- c:\programdata\PC Tools
2011-03-15 07:24 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76171168-D51D-4274-BE81-28E6F67566FF}\mpengine.dll
2011-03-14 09:07 . 2010-08-04 22:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-03-14 09:07 . 2008-04-02 05:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-03-14 09:07 . 2008-04-02 05:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-03-14 09:07 . 2008-04-02 05:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-03-14 09:07 . 2004-08-03 21:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-03-13 10:30 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-13 10:30 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-13 10:30 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-13 10:30 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-13 10:30 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-13 10:30 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-13 01:02 . 2011-03-13 01:03 -------- d-----w- c:\users\damien\AppData\Roaming\Registry Mechanic
2011-03-11 21:05 . 2011-03-16 20:56 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-09 07:39 . 2011-03-09 07:39 118784 --sha-r- c:\users\damien\AppData\Roaming\activeds0.dll
2011-02-24 05:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 07:15 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 07:11 . 2009-10-03 07:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 08:47 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 08:47 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 08:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 08:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 08:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 08:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 08:47 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 08:47 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 08:47 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 08:47 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 08:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 08:47 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 08:47 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 08:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 08:47 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 08:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 08:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 08:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 08:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 08:47 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 08:47 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 08:47 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 08:47 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 08:47 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 08:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 08:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 08:47 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 08:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 08:45 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-10 08:48 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-13 06:15 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Snmxlfufb"="c:\users\damien\AppData\Roaming\activeds0.dll" [2011-03-09 118784]
"Google Update"="c:\users\damien\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-18 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"SPIRunE"="SPIRunE.dll" [2007-05-08 18432]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-06-25 253952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-04 104408]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-18 1150976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Optus Wireless Broadband.lnk]
backup=c:\windows\pss\Optus Wireless Broadband.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^damien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2009-01-09 05:53 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Helper]
2010-01-22 08:25 583136 ----a-w- c:\program files\File Helper\1.1.0.10\FileHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 13:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-09 16:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 13:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-06-10 01:21 238896 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
R0 fhmpjaj;fhmpjaj;c:\windows\System32\drivers\whqvnh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2008-01-23 99456]
R3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\DRIVERS\cmusbnet.sys [2007-06-21 87424]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-14 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-14 8456]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-06-10 9216]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 t3;SB Xtreme Audio Notebook (Vista);c:\windows\system32\drivers\t3.sys [2007-06-19 404992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RapportCerberus_23945;RapportCerberus_23945;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2011-03-01 55224]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S1 RsvLock;RsvLock; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-05 256512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-04 583640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-06-25 9216]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-03-01 80000]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-04-30 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-30 105856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-27 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.10\FileHelper.exe [2010-01-28 08:25]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000Core.job
- c:\users\damien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 22:40]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804673653-277593080-2016996137-1000UA.job
- c:\users\damien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 22:40]
.
2011-03-23 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-03-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-03-18 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-03-18 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job
- c:\windows\system32\msfeedssync.exe [2011-03-18 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 20:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRunE = Rundll32 SPIRunE.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2804673653-277593080-2016996137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Y%[*y*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2804673653-277593080-2016996137-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}*]
"palpojogakigodkmnjjffbgoglbgiiif"=hex:61,62,69,6f,65,66,63,6e,68,62,63,68,62,
63,61,68,69,6b,6a,63,61,70,67,68,61,61,6f,70,70,69,70,65,6e,6f,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2152)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2011-03-23 21:05:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 11:05
ComboFix2.txt 2010-07-20 08:34
.
Pre-Run: 150,284,046,336 bytes free
Post-Run: 162,498,617,344 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,59
- - End Of File - - 0A3C8B29DF10ECA8A7318C36933E8F90

#10
NeonFx
    Malware Removal Dude
  • Expert
  • 3,798 posts
Thank you for that! I can see a few items we'll need to take care of. Before I do though, would you be so kind as to get me the log of the first time ComboFix was run on this machine for me? We don't recommend that anyone run this tool without being asked to as it does a whole lot more to a system than just remove bad files. I'll need to see what changes ComboFix has made as it may help me pinpoint exactly which infection you had/have.

Please see if you can get me these files in C:\QooBox\

ComboFix-quarantined-files.txt
ComboFix2.txt

#11
damien2409
    Member
  • Topic Starter
  • 11 posts
Hi Neo,

Here are both logs you need.


ComboFix 10-07-19.02 - damien 07/20/2010 18:16:41.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1976.967 [GMT 10:00]
Running from: c:\users\damien\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\system volume information\SystemRestore
C:\VDMF241.tmp
C:\VDMF261.tmp
c:\windows\jestertb.dll

Infected copy of c:\windows\system32\drivers\msahci.sys was found and disinfected
Restored copy from - Kitty had a snack :D
.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 08:29 . 2010-07-20 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-20 08:29 . 2010-07-20 08:29 -------- d-----w- c:\users\damien\AppData\Local\temp
2010-07-20 08:29 . 2010-07-20 08:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-20 08:29 . 2010-07-20 08:29 -------- d-----w- c:\users\Claire\AppData\Local\temp
2010-07-20 08:06 . 2010-07-20 08:07 -------- d-----w- C:\32788R22FWJFW
2010-07-20 07:49 . 2010-07-20 07:49 -------- d-----w- c:\users\damien\AppData\Roaming\PC Tools
2010-07-20 07:49 . 2010-07-20 07:49 -------- d-----w- c:\programdata\PC Tools
2010-07-19 11:01 . 2010-07-19 11:02 7053608 ----a-w- c:\users\Claire\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.6\filehelper_setup.exe
2010-07-18 08:05 . 2010-07-18 08:07 7053608 ----a-w- c:\users\damien\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.6\filehelper_setup.exe
2010-07-17 05:58 . 2010-07-17 05:58 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2010-07-16 09:07 . 2010-07-16 09:07 -------- d-----w- c:\temp\TV Progs
2010-07-12 08:42 . 2010-07-12 08:42 -------- d-----w- c:\users\damien\AppData\Roaming\Malwarebytes
2010-07-12 08:42 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 08:42 . 2010-07-12 08:42 -------- d-----w- c:\programdata\Malwarebytes
2010-07-12 08:42 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 08:42 . 2010-07-20 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 04:17 . 2010-07-11 04:17 -------- d-----w- c:\users\damien\AppData\Roaming\Haenlein-Software
2010-07-11 02:52 . 2010-07-11 02:52 -------- d-----w- c:\program files\DVR-Studio Pro
2010-07-10 02:08 . 2010-07-10 02:08 -------- d-----w- c:\users\Claire\AppData\Roaming\AnvSoft
2010-07-09 22:17 . 2010-07-09 22:17 -------- d-----w- c:\users\Claire\AppData\Local\Google
2010-07-09 22:17 . 2010-07-09 22:17 -------- d-----w- c:\program files\Google
2010-07-03 02:07 . 2010-07-11 02:52 -------- d-----w- c:\program files\DVR-Compress
2010-07-03 02:07 . 2010-07-11 02:52 -------- d-----w- c:\users\Claire\AppData\Roaming\Haenlein-Software
2010-07-03 02:07 . 2010-07-03 02:07 -------- d-----w- c:\program files\DVR-Studio Pro 2
2010-07-01 02:07 . 2010-07-01 02:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-27 03:20 . 2010-06-27 03:21 6766360 ----a-w- c:\users\damien\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.5\filehelper_setup.exe
2010-06-27 02:38 . 2010-06-27 02:38 -------- d-----w- C:\730127b24b064d841f4425a0
2010-06-26 08:44 . 2010-06-26 08:44 -------- d-----w- C:\cb1a3df20a347c952c8fc26e
2010-06-26 08:24 . 2010-06-26 08:24 -------- d-----w- c:\windows\CheckSur
2010-06-25 05:55 . 2009-11-08 00:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 05:55 . 2009-11-08 00:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 05:55 . 2009-11-08 00:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 05:55 . 2009-11-08 00:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 05:55 . 2009-11-08 00:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 05:43 . 2008-09-26 08:04 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys
2010-06-24 05:43 . 2008-09-26 08:04 113152 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-06-24 05:43 . 2008-09-26 08:04 101760 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-06-24 05:43 . 2008-09-26 08:03 23424 ----a-r- c:\windows\system32\drivers\ewdcsc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 08:13 . 2010-07-20 07:49 -------- d-----w- c:\program files\Spyware Doctor
2010-07-20 08:11 . 2009-03-24 17:20 2140 ----a-w- c:\windows\bthservsdp.dat
2010-07-20 07:59 . 2010-07-20 07:49 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-19 20:43 . 2010-02-01 10:14 -------- d-----w- c:\users\Claire\AppData\Roaming\LimeWire
2010-07-18 08:05 . 2009-12-01 23:48 -------- d-----w- c:\users\damien\AppData\Roaming\PC Suite
2010-07-18 08:04 . 2009-12-01 23:48 -------- d-----w- c:\programdata\PC Suite
2010-07-17 01:02 . 2010-01-07 03:57 -------- d-----w- c:\users\Claire\AppData\Roaming\vlc
2010-07-16 06:09 . 2009-08-29 20:34 -------- d-----w- c:\users\damien\AppData\Roaming\LimeWire
2010-07-14 09:00 . 2010-02-10 22:29 -------- d-----w- c:\program files\Microsoft.NET
2010-07-11 04:06 . 2009-10-04 01:52 -------- d-----w- c:\programdata\avg8
2010-07-10 04:46 . 2010-03-24 23:15 -------- d-----w- c:\users\Claire\AppData\Roaming\CyberLink
2010-07-10 02:23 . 2009-11-10 00:14 -------- d-----w- c:\program files\Foxit Software
2010-07-01 07:57 . 2009-10-04 09:15 -------- d-----w- c:\users\damien\AppData\Roaming\vlc
2010-06-26 00:39 . 2010-01-07 03:08 -------- d-----w- c:\users\Claire\AppData\Roaming\PC Suite
2010-06-26 00:38 . 2010-02-09 22:36 -------- d-----w- c:\users\Claire\AppData\Roaming\Nokia
2010-06-24 05:44 . 2009-08-29 09:05 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-06-14 04:22 . 2010-06-14 03:28 -------- d-----w- c:\users\Claire\AppData\Roaming\AVS4YOU
2010-06-14 03:28 . 2010-06-14 03:26 -------- d-----w- c:\programdata\AVS4YOU
2010-06-14 03:28 . 2010-06-14 03:26 -------- d-----w- c:\program files\AVS4YOU
2010-06-14 03:28 . 2010-06-14 03:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-14 01:50 . 2010-06-14 01:50 -------- d-----w- c:\programdata\QuickMediaConverter
2010-06-14 01:50 . 2010-06-14 01:50 -------- d-----w- c:\users\Claire\AppData\Roaming\CocoonSoftware
2010-06-14 01:50 . 2010-06-14 01:50 -------- d-----w- c:\program files\Conduit
2010-06-11 21:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 13:28 . 2010-02-10 22:27 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 11:12 . 2010-06-11 10:56 6766360 ----a-w- c:\users\Claire\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.5\filehelper_setup.exe
2010-06-07 19:45 . 2009-10-06 23:13 -------- d-----w- c:\users\damien\AppData\Roaming\Skype
2010-06-07 19:43 . 2009-10-06 23:14 -------- d-----w- c:\users\damien\AppData\Roaming\skypePM
2010-06-07 11:57 . 2010-02-09 00:43 -------- d-----w- c:\users\Claire\AppData\Roaming\Skype
2010-06-07 11:45 . 2010-02-09 00:45 -------- d-----w- c:\users\Claire\AppData\Roaming\skypePM
2010-06-04 22:57 . 2010-02-13 20:44 -------- d-----w- c:\users\damien\AppData\Roaming\BitZipper
2010-06-04 22:40 . 2010-06-04 22:40 -------- d-----w- c:\program files\7-Zip
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 19:41 . 2010-05-20 05:23 6760128 ----a-w- c:\users\damien\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.2\filehelper_setup.exe
2010-05-31 10:10 . 2010-05-21 21:40 6760128 ----a-w- c:\users\Claire\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.2\filehelper_setup.exe
2010-05-26 17:06 . 2010-06-11 09:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 09:08 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 04:14 . 2009-10-03 07:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 09:43 . 2010-05-12 09:26 6755688 ----a-w- c:\users\Claire\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.0\filehelper_setup.exe
2010-05-04 19:15 . 2010-06-11 08:58 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 08:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 09:09 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 04:58 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 02:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"SPIRunE"="SPIRunE.dll" [2007-05-08 18432]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"File Helper"="c:\program files\File Helper\1.1.0.10\FileHelper.exe" [2010-01-22 583136]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-8-1 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,9a,5a,af,03,74,ca,01

R3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\DRIVERS\cmusbnet.sys [2007-06-21 87424]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-04 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-04 108552]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-05-16 61424]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-10-04 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-04 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-10-22 364635]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2008-10-22 172121]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 t3;SB Xtreme Audio Notebook (Vista);c:\windows\system32\drivers\t3.sys [2007-06-19 404992]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.10\FileHelper.exe [2010-01-28 08:25]

2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{632DEFDE-8828-47B3-BBFA-9B383DDD057B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{B9864FFB-EC85-4390-8741-5FBBF9179897}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\wofzm2pi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-101 Spanish Verbs Powered by AdVantage - c:\users\damien\Desktop\Claire's Stuff\101 Spanish Verbs Powered by AdVantage\uninstall.exe



**************************************************************************
scanning hidden processes ...

[0] 0x6E694C00

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRunE = Rundll32 SPIRunE.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2804673653-277593080-2016996137-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}*]
"palpojogakigodkmnjjffbgoglbgiiif"=hex:61,62,69,6f,65,66,63,6e,68,62,63,68,62,
63,61,68,69,6b,6a,63,61,70,67,68,61,61,6f,70,70,69,70,65,6e,6f,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-20 18:34:26
ComboFix-quarantined-files.txt 2010-07-20 08:34

Pre-Run: 117,279,199,232 bytes free
Post-Run: 118,916,775,936 bytes free

- - End Of File - - FD3E9FA2B871A46AD9F1AFBD9156627

2011-03-23 11:02:23 . 2011-03-23 11:02:23 862 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG8_TRAY.reg.dat
2010-07-20 08:32:46 . 2010-07-20 08:32:46 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-101 Spanish Verbs Powered by AdVantage.reg.dat
2010-07-20 08:31:32 . 2010-07-20 08:31:32 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}.reg.dat
2010-07-20 08:31:29 . 2010-07-20 08:31:29 442 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2010-07-20 08:31:28 . 2010-07-20 08:31:28 490 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2010-07-20 08:31:25 . 2010-07-20 08:31:25 432 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2010-07-20 08:26:03 . 2011-03-23 10:46:17 24,986 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-20 08:04:36 . 2011-03-23 10:34:54 226 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-04-17 07:12:44 . 2010-04-17 07:12:44 20,992 ----a-w- C:\Qoobox\Quarantine\C\Windows\jestertb.dll.vir
2010-02-07 22:41:09 . 2010-02-07 22:41:09 0 ----a-w- C:\Qoobox\Quarantine\C\VDMF261.tmp.vir
2010-02-07 22:41:09 . 2010-02-07 22:41:09 0 ----a-w- C:\Qoobox\Quarantine\C\VDMF241.tmp.vir
2009-10-20 10:47:54 . 2009-10-20 10:47:54 57 ----a-w- C:\Qoobox\Quarantine\C\desktop.ini.vir
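A defender's triage aid for logs like the one posted above (an added example, not ComboFix's own code or anything the helper posted): a Python parser for ComboFix's file-listing lines, which also accepts the quarantine-listing variant with seconds and comma-grouped sizes, and buckets entries worth a second look. The sample input is copied from the posted log; the reading of the two columns as creation and last-write time, and the three bucket rules, are assumptions of mine.

```python
"""Parse ComboFix 'Files Created' / 'Find3M' lines and bucket entries for review."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# One ComboFix file entry: "<created> . <modified> <size|--------> <attrs> <path>".
# Assumption: the first timestamp is creation and the second last-write, which is
# how the log orders them. Quarantine listings use the same layout with seconds
# and comma-grouped sizes, so both variants are accepted.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, shown as "--------" in the log
    attrs: str           # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def _parse_ts(text: str) -> datetime:
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file line; None for section headers, dots and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
    return Entry(_parse_ts(m["created"]), _parse_ts(m["modified"]),
                 size, m["attrs"], m["path"])


def parse_log(text: str) -> list:
    return [e for e in map(parse_entry, text.splitlines()) if e]


# Triage rules (assumed, not ComboFix's): kernel drivers, opaque directory names
# directly under a drive root, and files created shortly before the scan.
DRIVER_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
ROOT_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-z]{12,}$", re.I)


def triage(entries, run_date: datetime, recent_days: int = 7) -> dict:
    """Bucket paths worth a second look; every bucket is a list of paths."""
    cutoff = run_date - timedelta(days=recent_days)
    buckets = {"drivers": [], "root_dirs": [], "recent_files": []}
    for e in entries:
        if not e.is_dir and DRIVER_RE.search(e.path):
            buckets["drivers"].append(e.path)
        if e.is_dir and ROOT_DIR_RE.match(e.path):
            buckets["root_dirs"].append(e.path)
        if not e.is_dir and e.created >= cutoff:
            buckets["recent_files"].append(e.path)
    return buckets


# Constructed sample: a section header plus lines copied from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-20 08:06 . 2010-07-20 08:07 -------- d-----w- C:\32788R22FWJFW
2010-07-19 11:01 . 2010-07-19 11:02 7053608 ----a-w- c:\users\Claire\AppData\Roaming\Blitware\FileHelper\updates\2.5.0.6\filehelper_setup.exe
2010-07-12 08:42 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 08:42 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 02:38 . 2010-06-27 02:38 -------- d-----w- C:\730127b24b064d841f4425a0
2010-06-24 05:43 . 2008-09-26 08:04 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys
2010-04-17 07:12:44 . 2010-04-17 07:12:44 20,992 ----a-w- C:\Qoobox\Quarantine\C\Windows\jestertb.dll.vir
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    # Use the newest entry's timestamp as the scan date for the "recent" window.
    for bucket, paths in triage(entries, entries[0].created).items():
        print(f"{bucket}:")
        for p in paths:
            print("   ", p)
```

The buckets are a starting point for manual review, not a verdict: the ComboFix working folder and Windows Update's temporary folders land in root_dirs too, and a legitimate driver is still a driver.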

#12
NeonFx
    Malware Removal Dude

  • Expert
  • 3,798 posts
Excellent.

Please do the following:

1. Close any open programs before running the fix.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the quotebox below into it:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snmxlfufb"=-

Driver::
fhmpjaj
SafeBoot
SbAlg
SbFsLock
RsvLock

File::
c:\windows\System32\drivers\whqvnh.sys

NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#13
damien2409
    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Neon,

Unfortunately diabolical news.

I ran the scan successfully, however when the computer rebooted it would not start normally, so I was forced to select the "last known good configuration" mode.

The computer restarted OK and the log report was produced, however when I tried to open my internet connection (and all other programs for that matter) an error message appeared stating that the operation could not be completed because of some sort of registry key error, and also that the programs I was trying to access were in line to be deleted?

So.... I restarted the machine again normally and was greeted with the blue screen of death for a split second and then sent back to start up. From there I tried last known good config, safe mode etc., only to see the blue screen of death again and be sent back to the selection of start options. I don't have a Vista disc and unfortunately I am unable to give you info on what the blue screen of death says as it disappears so quickly (much like my hope!)

Trapped

#14
NeonFx
    Malware Removal Dude

  • Expert
  • 3,798 posts
Hi Damien, I'm terribly sorry to hear that.

We will need a Windows Vista DVD or some other bootable media in order to attempt a recovery. Do you think someone you know might have a copy of this DVD that you could borrow?


One thing we could try is burning a recovery CD but this would require that you obtain a blank CD and that you have a computer you could burn it on. Could we try doing this?


One other thing: you can prevent Windows from rebooting automatically on a blue screen by selecting the "Disable automatic restart on system failure" option from the Advanced Boot Options menu, where you can also select Safe Mode and other options.

#15
damien2409
    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Neon,

Tried the second option but got the blue screen again, telling me to run CHKDSK /F.

I will see if I can get hold of a Vista disk.... If by chance I have to reformat this computer, would I be best loading XP onto it rather than Vista, as it seems from what I hear Vista is a resource hog?

Am I able to download something like recovery on another machine and burn it to disc?