IE9 search engine redirection [Solved]



#1
Boris Maliov

My default search engine is Google. When I write something in the IE9 address bar it redirects me to Google custom search. The things I've done so far are to run Microsoft Security Essentials and Malwarebytes, but they didn't find anything suspicious.
OTL logfile created on: 1.11.2011 г. 15:10:54 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\defusr\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

7,98 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 76,46% Memory free
15,95 Gb Paging File | 13,98 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,46 Gb Total Space | 58,17 Gb Free Space | 57,33% Space Free | Partition Type: NTFS
Drive D: | 1761,45 Gb Total Space | 1269,69 Gb Free Space | 72,08% Space Free | Partition Type: NTFS

Computer Name: DEFUSR-PC | User Name: defusr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.01 14:40:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\defusr\Desktop\OTL.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.05 19:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.08.30 18:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.30 17:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.29 23:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.21 15:25:30 | 000,019,680 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.12.02 09:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010.12.02 09:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010.11.26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.04 08:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 16:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.10.19 14:38:54 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2010.10.12 15:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010.09.24 20:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009.10.26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.22 13:31:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.22 13:31:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.22 13:31:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.10.22 13:31:01 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.10.22 13:31:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.22 13:30:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.22 13:30:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.22 13:30:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.22 13:30:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.22 13:30:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.12.02 16:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010.11.30 12:13:04 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
MOD - [2010.11.19 09:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010.11.19 09:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2010.11.04 17:30:16 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010.10.15 16:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010.09.27 19:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010.09.27 19:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2010.08.23 09:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2010.08.06 17:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.06 17:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.08.12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.06.27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.10.22 11:56:59 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.11.21 05:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.10 05:53:18 | 003,552,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011.03.21 15:25:30 | 000,019,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.12.02 09:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.21 05:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010.11.04 08:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.21 16:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.20 21:31:48 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.26 10:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 19:05:18 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010.09.21 13:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010.08.10 16:29:14 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.13 16:45:02 | 001,085,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.19 14:15:13 | 000,707,584 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLANURN.sys -- (Asus790V64) ASUS 802.11n USB-N11 Driver(vista)
DRV:64bit: - [2007.08.17 06:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2011.11.01 14:16:16 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 40 DD 14 59 8F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.10.22 12:59:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011.10.22 12:50:03 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75CB6823-FED8-4830-9E0B-1533A6BEA72E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.01 14:48:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\defusr\Desktop\aswMBR.exe
[2011.11.01 14:40:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\defusr\Desktop\OTL.exe
[2011.11.01 14:16:16 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2011.11.01 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011.10.31 22:39:01 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\ts3overlay
[2011.10.31 22:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.10.31 22:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011.10.31 21:21:33 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{2540B9EB-E51F-4F4B-97D1-F0D03E131DCF}
[2011.10.31 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{28E83901-6175-40B1-9AD8-ABDAAB7216DF}
[2011.10.30 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\TeamViewer
[2011.10.30 16:30:11 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{2FA26CCB-7F87-4BCE-9D40-7C0334FFE9FF}
[2011.10.30 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{1964C956-ECE2-4D98-929E-22508CAA1BD5}
[2011.10.28 11:11:21 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{054BAB22-F6B9-44CB-9039-F292AD5A7075}
[2011.10.28 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{9EDEE9DF-AAF2-436C-A483-768AAC8A9486}
[2011.10.28 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\{9337E58B-A8BD-4904-BD2F-1E0FC6948DBC}
[2011.10.28 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Windows Live Writer
[2011.10.28 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Windows Live Writer
[2011.10.27 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.10.26 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Skype
[2011.10.26 16:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.26 16:30:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.10.26 16:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.10.26 00:28:21 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Malwarebytes
[2011.10.26 00:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.26 00:23:59 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.25 23:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.10.25 23:15:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.10.25 23:15:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.10.25 23:09:26 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011.10.25 23:07:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011.10.25 23:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.10.25 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011.10.25 23:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.10.25 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Windows Live
[2011.10.25 23:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011.10.22 22:42:00 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011.10.22 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Apps
[2011.10.22 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Deployment
[2011.10.22 12:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.10.22 12:53:39 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Adobe
[2011.10.22 12:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2011.10.22 12:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.10.22 12:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.10.22 12:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.10.22 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\cache
[2011.10.22 12:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011.10.22 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\defusr\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
[2011.10.22 11:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011.10.22 11:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011.10.22 11:54:58 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Autodesk
[2011.10.22 11:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011.10.22 11:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2011.10.22 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011.10.22 11:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011.10.22 11:49:32 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Autodesk
[2011.10.22 11:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011.10.21 21:44:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2011.10.21 21:40:11 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2011.10.21 21:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011.10.21 21:36:16 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2011.10.21 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2011.10.21 21:32:40 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2011.10.21 21:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011.10.21 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.10.21 20:34:16 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\uTorrent
[2011.10.21 20:34:16 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\uTorrent
[2011.10.21 07:04:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.10.21 02:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011.10.21 02:05:30 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.10.21 02:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.10.21 02:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.10.21 02:01:36 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.10.21 02:01:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.10.21 02:01:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.10.21 02:01:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.10.21 02:01:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.10.21 02:01:35 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.10.21 02:01:35 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011.10.21 02:01:35 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.10.21 02:01:35 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.10.21 02:01:35 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011.10.21 02:01:35 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011.10.21 02:01:35 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.10.21 02:01:35 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011.10.21 02:01:34 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.10.21 02:01:34 | 001,770,328 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011.10.21 02:01:34 | 001,716,368 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011.10.21 02:01:34 | 000,419,472 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011.10.21 02:01:34 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011.10.21 02:01:34 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011.10.21 02:01:34 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.10.21 02:01:34 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.10.21 02:01:34 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.10.21 02:01:34 | 000,125,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011.10.21 02:01:34 | 000,106,640 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011.10.21 02:01:34 | 000,072,336 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011.10.21 02:01:33 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.10.21 02:01:33 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011.10.21 02:01:33 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011.10.21 02:01:33 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011.10.21 02:01:33 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011.10.21 02:01:33 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011.10.21 02:01:33 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011.10.21 02:01:33 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011.10.21 02:01:33 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011.10.21 02:01:33 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011.10.21 02:01:33 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011.10.21 02:01:33 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011.10.21 02:01:33 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011.10.21 02:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.10.21 02:01:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.10.21 01:59:12 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Download Manager
[2011.10.20 22:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.10.20 22:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.10.20 22:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.10.20 22:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.10.20 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.10.20 21:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.10.20 21:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.10.20 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.10.20 21:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.10.20 21:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011.10.20 21:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.10.20 21:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.10.20 21:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.10.20 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Microsoft Help
[2011.10.20 21:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.10.20 21:39:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.10.20 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\[bleep] NFO Viewer
[2011.10.20 21:31:48 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.10.20 21:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.10.20 21:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.10.20 21:30:25 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\DAEMON Tools Lite
[2011.10.20 21:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.10.20 21:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.10.20 21:17:32 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Macromedia
[2011.10.20 21:17:32 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Adobe
[2011.10.20 21:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.10.20 21:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.20 21:15:31 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.10.20 21:12:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.10.20 21:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.10.20 21:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.10.20 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.20 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.10.20 20:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011.10.20 20:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011.10.20 20:52:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.10.20 20:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.10.20 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.10.20 20:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.10.20 20:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.10.20 20:42:20 | 000,707,584 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\WLANURN.sys
[2011.10.20 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011.10.20 20:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011.10.20 20:39:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.10.20 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2011.10.20 20:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011.10.20 20:29:35 | 000,000,000 | ---D | C] -- C:\RaidTool
[2011.10.20 20:29:31 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011.10.20 20:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.10.20 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2011.10.20 20:21:51 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Intel Corporation
[2011.10.20 20:20:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011.10.20 20:19:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.10.20 20:19:24 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\InstallShield
[2011.10.20 20:16:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.10.20 20:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.10.20 20:15:59 | 000,000,000 | ---D | C] -- C:\Intel
[2011.10.20 20:15:26 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\WinRAR
[2011.10.20 20:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.10.20 20:10:15 | 000,000,000 | R--D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.10.20 20:10:15 | 000,000,000 | R--D | C] -- C:\Users\defusr\Searches
[2011.10.20 20:10:15 | 000,000,000 | R--D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.10.20 20:10:15 | 000,000,000 | -H-D | C] -- C:\Users\defusr\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011.10.20 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Identities
[2011.10.20 20:10:08 | 000,000,000 | R--D | C] -- C:\Users\defusr\Contacts
[2011.10.20 20:10:07 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\VirtualStore
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\AppData\Local\Temporary Internet Files
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Templates
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Start Menu
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\SendTo
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Recent
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\PrintHood
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\NetHood
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Documents\My Videos
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Documents\My Pictures
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Documents\My Music
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\My Documents
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Local Settings
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\AppData\Local\History
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Cookies
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\Application Data
[2011.10.20 20:10:03 | 000,000,000 | -HSD | C] -- C:\Users\defusr\AppData\Local\Application Data
[2011.10.20 20:10:02 | 000,000,000 | --SD | C] -- C:\Users\defusr\AppData\Roaming\Microsoft
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Videos
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Saved Games
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Pictures
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Music
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Links
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Favorites
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Downloads
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Documents
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\Desktop
[2011.10.20 20:10:02 | 000,000,000 | R--D | C] -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.10.20 20:10:02 | 000,000,000 | -H-D | C] -- C:\Users\defusr\AppData
[2011.10.20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Temp
[2011.10.20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Local\Microsoft
[2011.10.20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\defusr\AppData\Roaming\Media Center Programs
[2011.10.20 20:09:59 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.10.20 20:09:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.10.20 20:06:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.10.20 20:05:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011.11.01 15:09:27 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.01 15:09:27 | 000,654,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.01 15:09:27 | 000,121,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 14:57:47 | 000,000,512 | ---- | M] () -- C:\Users\defusr\Desktop\MBR.dat
[2011.11.01 14:46:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\defusr\Desktop\aswMBR.exe
[2011.11.01 14:41:58 | 000,000,537 | ---- | M] () -- C:\Users\defusr\Desktop\how to remove google custom search - Custom Search Help.url
[2011.11.01 14:40:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\defusr\Desktop\OTL.exe
[2011.11.01 14:01:31 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 14:01:31 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 13:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.01 13:55:39 | 2129,305,599 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.01 00:51:48 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.10.26 16:30:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.22 22:42:07 | 000,000,000 | ---- | M] () -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011.10.22 17:11:02 | 000,421,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.22 12:50:03 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.22 12:30:35 | 000,767,394 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.22 11:59:20 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011.10.22 11:56:46 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011.10.22 11:54:00 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2012.lnk
[2011.10.21 22:03:18 | 001,032,256 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2011.10.21 22:02:58 | 001,076,288 | ---- | M] () -- C:\Windows\PE_File.dll
[2011.10.21 21:44:22 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.10.21 02:05:30 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.10.20 22:18:33 | 000,001,239 | ---- | M] () -- C:\Users\defusr\Desktop\WoW.lnk
[2011.10.20 22:01:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.10.20 21:31:48 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.10.20 20:50:01 | 000,001,441 | ---- | M] () -- C:\Users\defusr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.10.20 20:11:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.20 20:08:34 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.10.20 20:08:34 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.10.15 10:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.10.15 10:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.10.15 10:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.10.14 23:54:52 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe

========== Files Created - No Company Name ==========

[2011.11.01 14:57:47 | 000,000,512 | ---- | C] () -- C:\Users\defusr\Desktop\MBR.dat
[2011.11.01 14:41:58 | 000,000,537 | ---- | C] () -- C:\Users\defusr\Desktop\how to remove google custom search - Custom Search Help.url
[2011.10.31 22:37:06 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.10.27 21:57:49 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.10.26 16:30:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.25 23:07:31 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.10.25 23:07:03 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.10.25 23:05:27 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.10.22 22:42:07 | 000,000,000 | ---- | C] () -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011.10.22 12:53:23 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011.10.22 12:53:23 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011.10.22 11:59:20 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011.10.22 11:56:46 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011.10.22 11:54:00 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2012.lnk
[2011.10.21 22:01:22 | 001,076,288 | ---- | C] () -- C:\Windows\PE_File.dll
[2011.10.21 22:00:53 | 001,032,256 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011.10.21 21:44:42 | 000,001,238 | ---- | C] () -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2011.10.21 21:36:30 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.10.21 21:35:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.10.21 21:35:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.10.21 21:32:40 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.10.21 02:17:54 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2011.10.21 02:15:00 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2011.10.20 22:18:33 | 000,001,239 | ---- | C] () -- C:\Users\defusr\Desktop\WoW.lnk
[2011.10.20 22:01:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.10.20 22:01:46 | 000,767,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.20 22:01:45 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.10.20 20:50:01 | 000,001,441 | ---- | C] () -- C:\Users\defusr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.10.20 20:15:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.20 20:11:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.20 20:10:18 | 000,001,413 | ---- | C] () -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.10.20 20:10:17 | 000,001,447 | ---- | C] () -- C:\Users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.10.20 20:10:02 | 000,000,290 | ---- | C] () -- C:\Users\defusr\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011.10.20 20:10:02 | 000,000,272 | ---- | C] () -- C:\Users\defusr\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011.10.20 20:08:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.10.20 20:08:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.10.20 20:05:48 | 2129,305,599 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.10.22 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\Autodesk
[2011.10.22 11:48:20 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\DAEMON Tools Lite
[2011.10.30 16:50:46 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\TeamViewer
[2011.10.31 23:01:13 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\ts3overlay
[2011.10.21 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\uTorrent
[2011.10.28 11:10:57 | 000,000,000 | ---D | M] -- C:\Users\defusr\AppData\Roaming\Windows Live Writer
[2009.07.14 07:08:49 | 000,011,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Boris Maliov, 01 November 2011 - 07:33 AM.


#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. Any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix.
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

#3
Boris Maliov


    Member

  • Topic Starter
  • 16 posts
ComboFix 11-11-15.01 - defusr 11.2011 г. 18:33:23.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.8169.6352 [GMT 2:00]
Running from: c:\users\defusr\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\defusr\AppData\Local\Temp\7zS4C40\HPSLPSVC64.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 16:36 . 2011-11-15 16:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61A14B79-C252-4CEF-97DC-FD54457E8452}\offreg.dll
2011-11-15 16:35 . 2011-11-15 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 16:14 . 2011-10-06 18:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61A14B79-C252-4CEF-97DC-FD54457E8452}\mpengine.dll
2011-11-14 20:56 . 2011-11-14 20:56 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-11-14 20:56 . 2011-11-14 20:57 -------- d-----w- c:\program files (x86)\ABBYY FineReader 11
2011-11-14 20:56 . 2011-11-14 20:56 -------- d-----w- c:\programdata\ABBYY
2011-11-14 20:41 . 2011-11-14 20:41 -------- d-----w- C:\Temp
2011-11-12 19:40 . 2011-11-12 19:40 -------- d-----w- c:\program files (x86)\Safari
2011-11-12 19:40 . 2011-11-12 19:40 -------- d-----w- c:\programdata\Apple Computer
2011-11-12 19:40 . 2011-11-12 19:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-12 19:40 . 2011-11-12 19:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-12 19:40 . 2011-11-12 19:40 -------- d-----w- c:\programdata\Apple
2011-11-09 04:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 04:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 22:11 . 2011-11-07 22:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-11-07 20:29 . 2011-11-07 20:29 -------- d-----w- c:\program files (x86)\CardRecovery
2011-11-07 15:00 . 2011-11-07 15:00 -------- d-----w- c:\programdata\Microsoft Corporation
2011-11-05 19:24 . 2011-09-22 19:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2011-11-05 19:24 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$MICROSOFTSCM-sqlctr10.3.5500.0.dll
2011-11-05 19:24 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$MICROSOFTSCM-sqlctr10.3.5500.0.dll
2011-11-04 19:47 . 2011-11-04 19:47 -------- d-----w- C:\SQLEXPRESS
2011-11-04 19:43 . 2011-11-04 19:43 -------- d-----w- c:\program files (x86)\Microsoft Application Compatibility Toolkit
2011-11-01 23:58 . 2011-11-01 23:58 -------- d-----w- c:\program files\Ventrilo
2011-11-01 23:58 . 2011-11-01 23:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-01 23:28 . 2011-11-01 23:28 -------- d-----w- c:\program files (x86)\ImgBurn
2011-11-01 12:16 . 2011-11-01 12:16 306320 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys
2011-11-01 12:01 . 2011-11-15 16:37 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-10-31 20:37 . 2011-10-31 20:37 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-10-27 19:57 . 2011-10-27 19:57 -------- d-----w- c:\program files (x86)\TeamViewer
2011-10-26 14:30 . 2011-10-26 14:30 -------- d-----r- c:\program files (x86)\Skype
2011-10-26 14:30 . 2011-10-26 14:30 -------- d-----w- c:\programdata\Skype
2011-10-25 22:24 . 2011-10-25 22:24 -------- d-----w- c:\programdata\Malwarebytes
2011-10-25 22:23 . 2011-08-31 14:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-25 21:09 . 2011-10-25 21:09 -------- d-----w- c:\windows\en
2011-10-25 21:06 . 2011-10-25 21:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-10-25 21:03 . 2011-10-25 21:09 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-25 21:03 . 2011-10-25 21:03 -------- d-----w- c:\program files\Windows Live
2011-10-25 21:02 . 2009-09-04 14:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-10-25 21:02 . 2009-09-04 14:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-10-25 21:02 . 2006-11-29 10:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-25 21:02 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-10-25 21:01 . 2011-10-25 21:01 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-10-22 10:55 . 2011-10-22 10:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-22 10:52 . 2011-10-22 10:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-22 10:00 . 2011-10-22 10:00 -------- d-----w- c:\programdata\FLEXnet
2011-10-22 09:56 . 2011-10-22 09:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-10-22 09:51 . 2011-10-22 09:58 -------- d-----w- c:\program files\Autodesk
2011-10-22 09:49 . 2011-10-22 10:35 -------- d-----w- c:\programdata\Autodesk
2011-10-21 20:01 . 2011-10-21 20:02 1076288 ----a-w- c:\windows\PE_File.dll
2011-10-21 20:00 . 2011-10-21 20:03 1032256 ----a-w- c:\windows\PE_Rom.dll
2011-10-21 19:44 . 2011-10-21 19:44 -------- d--h--w- c:\program files (x86)\DeviceVM
2011-10-21 19:40 . 2010-10-20 17:05 14592 ----a-w- c:\windows\system32\drivers\AiCharger.sys
2011-10-21 19:36 . 2010-08-03 10:21 14464 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2011-10-21 19:36 . 2008-12-02 17:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-10-21 19:35 . 2011-10-21 19:35 -------- d-----w- c:\programdata\ASUS
2011-10-21 19:35 . 2008-01-04 10:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-10-21 19:35 . 2008-01-04 10:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-10-21 19:32 . 2011-10-21 19:43 -------- d-----w- c:\program files (x86)\ASUS
2011-10-21 19:32 . 2010-08-25 04:16 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2011-10-21 19:32 . 2010-06-30 04:41 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2011-10-21 18:34 . 2011-10-21 18:34 -------- d-----w- c:\program files (x86)\uTorrent
2011-10-21 05:04 . 2011-10-20 18:10 -------- d-----w- c:\windows\Panther
2011-10-21 00:18 . 2010-08-12 12:00 133800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-10-21 00:17 . 2011-10-21 00:17 -------- d-----w- c:\program files\Intel
2011-10-21 00:17 . 2010-05-07 14:41 314568 ----a-w- c:\windows\system32\PROUnstl.exe
2011-10-21 00:15 . 2010-09-21 11:34 313520 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2011-10-21 00:15 . 2010-07-30 21:56 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2011-10-21 00:15 . 2010-07-26 22:30 91840 ----a-w- c:\windows\system32\NicInstC.dll
2011-10-21 00:15 . 2009-05-26 07:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2011-10-21 00:05 . 2011-10-21 00:05 16896 ----a-w- c:\windows\AsTaskSched.dll
2011-10-20 20:19 . 2011-10-20 20:19 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-10-20 20:10 . 2011-10-06 18:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-20 20:10 . 2011-10-20 20:10 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EDCF0F3-B24B-4D37-8D9E-4AF41F207055}\gapaengine.dll
2011-10-20 20:01 . 2011-10-20 20:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-10-20 20:01 . 2011-10-20 20:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-20 20:01 . 2011-10-20 20:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-20 19:43 . 2011-10-20 19:43 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-20 19:43 . 2011-10-20 19:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-20 19:39 . 2011-10-20 19:39 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-20 19:39 . 2011-10-20 19:39 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-10-20 19:39 . 2011-11-09 08:16 -------- d-----w- c:\programdata\Microsoft Help
2011-10-20 19:39 . 2011-10-20 19:39 -------- d-----r- C:\MSOCache
2011-10-20 19:34 . 2011-10-20 19:34 -------- d-----w- c:\program files (x86)\[bleep] NFO Viewer
2011-10-20 19:31 . 2011-10-20 19:31 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-20 19:31 . 2011-10-20 19:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-10-20 19:30 . 2011-11-09 14:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-10-20 19:29 . 2011-11-05 19:23 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-10-20 19:17 . 2011-11-11 13:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-20 19:17 . 2011-10-20 19:17 -------- d-----w- c:\windows\SysWow64\Macromed
2011-10-20 19:17 . 2011-10-20 19:17 -------- d-----w- c:\windows\system32\Macromed
2011-10-20 19:16 . 2011-10-15 08:53 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-20 19:16 . 2011-10-15 08:53 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-20 19:16 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-20 19:16 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-20 19:16 . 2011-05-10 09:41 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-10-20 19:15 . 2011-10-20 19:15 -------- d-----w- C:\NVIDIA
2011-10-20 19:12 . 2011-10-20 19:12 -------- d-----w- c:\windows\Sun
2011-10-20 19:10 . 2011-10-20 19:10 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 19:10 . 2011-10-20 19:10 -------- d-----w- c:\program files\Java
2011-10-20 19:08 . 2011-10-20 19:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-20 19:08 . 2011-10-20 19:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-20 19:08 . 2011-10-20 19:08 -------- d-----w- c:\program files (x86)\Java
2011-10-20 19:04 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 19:04 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-10-20 19:04 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 19:04 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-10-20 19:04 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-10-20 18:52 . 2011-10-20 18:52 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-10-20 18:52 . 2011-10-20 18:52 -------- d-----w- c:\windows\PCHEALTH
2011-10-20 18:50 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 18:46 . 2011-11-15 16:36 -------- d-----w- c:\programdata\NVIDIA
2011-10-20 18:46 . 2011-11-10 20:14 -------- d-----w- c:\users\UpdatusUser
2011-10-20 18:46 . 2011-10-25 21:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-10-20 18:45 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-20 18:45 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-20 18:45 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-20 18:45 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-20 18:45 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-20 18:45 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-20 18:45 . 2011-05-21 03:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-20 18:45 . 2011-10-20 18:45 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-20 18:45 . 2011-10-20 19:16 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 21:03 . 2011-03-28 15:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-15 08:53 . 2011-05-21 03:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-05-21 03:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-14 21:54 . 2011-10-14 21:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-09-22 19:07 . 2011-09-22 19:07 474472 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2011-09-22 19:06 . 2011-09-22 19:06 3171176 ----a-w- c:\windows\system32\sqlncli10.dll
2011-09-22 19:01 . 2011-09-22 19:01 312168 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
2011-09-22 19:01 . 2011-09-22 19:01 311144 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
2011-09-22 18:09 . 2011-09-22 18:09 42344 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
2011-09-22 15:18 . 2011-09-22 15:18 2570088 ----a-w- c:\windows\SysWow64\sqlncli10.dll
2011-09-05 17:05 . 2011-09-05 17:05 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-09-05 17:04 . 2011-09-05 17:04 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\users\defusr\AppData\Local\Akamai\netsession_win.exe" [2011-11-11 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
.
c:\users\defusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-22 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 Asus790V64;ASUS 802.11n USB-N11 Driver(vista);c:\windows\system32\DRIVERS\WLANURN.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-22 1431888]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$MICROSOFTSCM;SQL Server Agent (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-04 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-03-21 19680]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MSSQL$MICROSOFTSCM;SQL Server (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\sqlservr.exe [2011-09-22 58345832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"combofix"="c:\combo-fix\CF32715.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_dac4cfd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1741522034-3029520656-3164917852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1741522034-3029520656-3164917852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2011-11-15 18:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 16:39
.
Pre-Run: 57 428 652 032 bytes free
Post-Run: 57 608 925 184 bytes free
.
- - End Of File - - 3EC8F04944981FECD8A6B3DF60F3B335
  • 0

#4
Boris Maliov

During the process this happened also:
Posted Image
  • 0

#5
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Sorry but I don't see the picture.

My default search engine is Google. When I write something in IE9 address bar it redirects me to Google custom search.

That is actually your only problem? If yes, this is not a malware-related issue.

Please do the following:

Restore Internet Explorer default settings.
  • Click on Start and then on Control Panel
  • In Control Panel window click on Network and Internet and then on Internet Options
  • In Internet Properties window click on Advanced tab
  • Under "Reset Internet Explorer settings", click the Reset button.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.

Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to default setting.
  • 0

#6
Boris Maliov

Thanks Render, that helped so the problem is solved now!
  • 0

#7
Render

Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
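
The ActiveX settings from the "Make Internet Explorer more secure" steps in the post above can be verified without clicking through the dialog. The following is an added example, not part of the original thread: a read-only PowerShell audit of the current user's Internet zone. It assumes PowerShell 3.0 or later, per-user zone settings under HKCU, and Microsoft's documented URL action IDs 1001, 1004 and 1201; none of these names appear in the thread itself.

```powershell
# Added example (not from the thread): audit the Internet zone's ActiveX
# settings against the values recommended in the post above. Read-only.
# Assumption: zones are configured per user (HKCU). If Group Policy enforces
# machine-wide zones, the effective values are stored under HKLM instead.

# Zone 3 is the Internet zone.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> dialog label and the minimum state the post recommends.
# State values: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter).
$expected = @(
    [pscustomobject]@{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 }
    [pscustomobject]@{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 }
    [pscustomobject]@{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-StateLabel {
    param([object]$Value)
    if ($null -eq $Value) { return 'not set' }
    $key = [int]$Value
    if ($stateName.ContainsKey($key)) { return $stateName[$key] }
    return "unknown ($key)"
}

# A missing key (zone never customised) leaves $props empty; every setting
# is then reported as 'not set' and non-compliant rather than throwing.
$props = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$report = foreach ($item in $expected) {
    $current = if ($props) { $props.($item.Id) } else { $null }

    # Compliant when the value is a known state at least as strict as recommended,
    # so "Disable" also passes where the post asks for "Prompt".
    $ok = ($null -ne $current) -and
          $stateName.ContainsKey([int]$current) -and
          ([int]$current -ge $item.Want)

    [pscustomobject]@{
        Setting     = $item.Name
        Current     = Get-StateLabel $current
        Recommended = Get-StateLabel $item.Want
        Compliant   = $ok
    }
}

$report | Format-Table -AutoSize -Wrap

$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) ActiveX setting(s) are weaker than recommended or not set."
}
```

Running it again after "Reset all zones to default level" and the Custom level changes shows whether the dialog changes were actually saved for the logged-in user.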

#8
Boris Maliov

Thanks again Render, I've done everything as you said. /bow
  • 0

#9
Render

You are welcome.
  • 0

#10
Render

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





