[SID 23621/23615] System Infected: Tidserv Activity/Tidserv Activity 2



#1 chelsq (Member, 13 posts)
Hi. I'm using Symantec Endpoint Protection, and recently, when connected to the internet, I got notifications saying "[SID 23621] System Infected: Tidserv Activity Detected" and "[SID 23615] System Infected: Tidserv Activity 2 Detected", and IP addresses from certain sites are blocked.

I've run FixTDSS from Symantec, but it found nothing. On the second try, my laptop failed to start and got a BSOD; it could only restart using Last Known Good Configuration. I also couldn't complete the full scan without the laptop crashing :(

I also tried Malwarebytes; it found and cleaned some malware, but after I restarted my laptop, the Tidserv notifications were still there.

Yesterday I installed Advanced SystemCare 5 in the hope that it would fix some errors and resolve the problem, but it seems that my laptop just got slower, and the Tidserv notifications keep coming back.

Is there anything I can do with my laptop without reinstalling Windows? Sorry for my poor English. Thanks for any and all help :)


Here's the OTL log file:

OTL logfile created on: 28/12/2011 18:31:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Windows\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.59% Memory free
3.99 Gb Paging File | 2.78 Gb Available in Paging File | 69.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 4.49 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 101.17 Gb Total Space | 7.98 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
Drive E: | 13.05 Gb Total Space | 2.03 Gb Free Space | 15.56% Space Free | Partition Type: NTFS
Drive G: | 62.60 Gb Total Space | 7.67 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
Drive H: | 62.67 Gb Total Space | 1.50 Gb Free Space | 2.39% Space Free | Partition Type: NTFS
Drive I: | 3.60 Gb Total Space | 0.52 Gb Free Space | 14.44% Space Free | Partition Type: FAT32

Computer Name: SEVEN-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 23:11:24 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/10/23 04:23:03 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Windows\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/16 21:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 20:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/06/02 19:15:58 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/04/08 04:57:42 | 000,099,896 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/09/22 11:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/07/27 02:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/23 16:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Lock Folder XP\LFService.exe
PRC - [2009/07/14 09:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009/06/03 18:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009/02/10 12:02:28 | 000,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2009/02/10 12:02:24 | 000,876,760 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2008/12/09 14:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/09 13:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/09 13:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/15 06:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/15 06:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/07/06 13:24:54 | 005,730,304 | ---- | M] () -- c:\Program Files\dbbmn\bin\mysqld.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 20:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/11/20 20:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/23 16:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Lock Folder XP\LFService.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/27 23:11:24 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/28 18:18:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/02 19:15:58 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010/04/08 04:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/03 18:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/10 12:02:28 | 000,385,240 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008/12/09 14:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/09 13:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/09 13:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/15 06:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/15 06:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/01 08:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/07/06 13:24:54 | 005,730,304 | ---- | M] () [Auto | Running] -- c:\program files\dbbmn\bin\mysqld.exe -- (MySQL)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 21:40:56 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/11/15 17:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 17:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111226.032\navex15.sys -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111226.032\naveng.sys -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/16 03:35:25 | 000,107,616 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 16:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/02 19:15:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010/03/15 09:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/15 09:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/15 09:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/06 15:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/03/02 14:44:25 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/22 12:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 11:03:54 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/14 07:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/09 15:41:30 | 000,077,312 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\LFSys.sys -- (LFSys)
DRV - [2009/05/21 06:08:40 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/05/13 10:35:40 | 000,203,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/30 00:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/26 07:02:36 | 002,340,224 | ---- | M] (Digital Camera) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2009/02/10 12:02:34 | 000,787,672 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2008/12/09 13:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/09 13:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/19 10:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/15 03:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/14 04:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/14 04:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/14 04:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/22 03:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/22 03:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/17 08:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/03/17 11:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/23 09:08:58 | 000,099,456 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\plkusbser.sys -- (plkusbser)
DRV - [2006/10/25 05:12:48 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/10/25 05:12:00 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV - [2006/10/25 05:11:12 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/10/25 05:11:08 | 000,009,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/10/25 05:10:20 | 000,061,504 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.dapyx.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://id.msn.com/iat/us_id.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 D9 FE AF 62 70 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: G:\Photo Editor\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Windows\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/02/09 16:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 11:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 23:10:51 | 000,000,000 | ---D | M]

[2011/09/05 20:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2011/09/05 20:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/27 22:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions
[2011/11/29 11:35:04 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/05/27 13:59:30 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2011/11/30 11:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/29 11:45:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/01 05:56:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/01 05:56:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2010/09/23 09:29:08 | 000,000,000 | ---D | M] (Multiply Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2011/05/01 05:56:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2011/12/27 22:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/13 11:37:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/28 20:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 12:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 12:12:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/17 17:29:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/26 10:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 18:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/05/11 11:41:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/13 00:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/11 11:41:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/10/15 15:36:28 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = D:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Picasa (Enabled) = G:\Photo Editor\Picasa3\npPicasa3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: We Heart It = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\1.2.6_0\
CHR - Extension: Picnik = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: Blog This! = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk\0.2_0\
CHR - Extension: WWF Indonesia = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifcghcdmgljhjflhabcieaojeihllap\1.0\

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWirelessCard] C:\Program Files\PROLINK\PHS100\PROLINK HSDPA Modem.exe ()
O4 - HKCU..\Run: [SMΔRT-Protection] C:\Program Files\Smadav\SMΔRTP.exe (Smadsoft)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [WebcamMaxAutoRun] G:\Photo Editor\WebcamMax\WebcamMax.exe (CoolwareMax)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6B46FA-DDBD-4880-AE97-5666AABDB098}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/07/04 07:11:23 | 000,000,000 | ---D | M] - D:\auto -- [ NTFS ]
O32 - AutoRun File - [2011/12/05 20:50:38 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{01b9274e-c1ba-11e0-81b8-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{01b9274e-c1ba-11e0-81b8-002622994ba7}\Shell\AutoRun\command - "" = M:\Setup.exe
O33 - MountPoints2\{01b92752-c1ba-11e0-81b8-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{01b92752-c1ba-11e0-81b8-002622994ba7}\Shell\AutoRun\command - "" = M:\Autorun.exe
O33 - MountPoints2\{054de98b-8d8f-11df-8bd0-8eb22499b347}\Shell - "" = AutoRun
O33 - MountPoints2\{054de98b-8d8f-11df-8bd0-8eb22499b347}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{063f25c4-f1e5-11de-867f-ce1910d3aa44}\Shell - "" = AutoRun
O33 - MountPoints2\{063f25d1-f1e5-11de-867f-ce1910d3aa44}\Shell - "" = AutoRun
O33 - MountPoints2\{0d312631-6ecd-11df-83cc-e10fb0d2d07c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d312631-6ecd-11df-83cc-e10fb0d2d07c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{1277e0d6-89b8-11e0-aa76-af8c4cdc2501}\Shell - "" = AutoRun
O33 - MountPoints2\{1277e0d6-89b8-11e0-aa76-af8c4cdc2501}\Shell\AutoRun\command - "" = I:\SISetup.exe
O33 - MountPoints2\{182f31b1-0f5d-11e0-9f6c-93d7d5e5f4e0}\Shell - "" = AutoRun
O33 - MountPoints2\{182f31b1-0f5d-11e0-9f6c-93d7d5e5f4e0}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{182f31b4-0f5d-11e0-9f6c-93d7d5e5f4e0}\Shell - "" = AutoRun
O33 - MountPoints2\{182f31b4-0f5d-11e0-9f6c-93d7d5e5f4e0}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{19b3d786-9663-11e0-bbd2-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{19b3d786-9663-11e0-bbd2-002622994ba7}\Shell\AutoRun\command - "" = M:\Autorun.exe
O33 - MountPoints2\{1e6374c5-f1e6-11de-9632-c5eb26147444}\Shell - "" = AutoRun
O33 - MountPoints2\{27ba60c6-9676-11e0-a914-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{27ba60c6-9676-11e0-a914-002622994ba7}\Shell\AutoRun\command - "" = M:\Autorun.exe
O33 - MountPoints2\{28b4fd24-956b-11e0-a265-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{28b4fd24-956b-11e0-a265-00247eee1698}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{28b4fd4b-956b-11e0-a265-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{28b4fd4b-956b-11e0-a265-00247eee1698}\Shell\AutoRun\command - "" = W:\Autorun.exe
O33 - MountPoints2\{36a8e1eb-8c2b-11df-ac3f-efe2abf63869}\Shell - "" = AutoRun
O33 - MountPoints2\{36a8e1eb-8c2b-11df-ac3f-efe2abf63869}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3c028ec0-d874-11de-ae92-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{3c028ec0-d874-11de-ae92-00247eee1698}\Shell\AutoRun\command - "" = K:\QsSetup.exe
O33 - MountPoints2\{4190a554-8d52-11e0-b6f7-fc7bef190d75}\Shell - "" = AutoRun
O33 - MountPoints2\{4190a554-8d52-11e0-b6f7-fc7bef190d75}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{4190a557-8d52-11e0-b6f7-fc7bef190d75}\Shell - "" = AutoRun
O33 - MountPoints2\{4190a557-8d52-11e0-b6f7-fc7bef190d75}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{55a1e561-f223-11de-b903-817ecb69c643}\Shell - "" = AutoRun
O33 - MountPoints2\{55a1e568-f223-11de-b903-817ecb69c643}\Shell - "" = AutoRun
O33 - MountPoints2\{55a1e568-f223-11de-b903-817ecb69c643}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7e060411-9595-11e0-a2b5-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{7e060411-9595-11e0-a2b5-002622994ba7}\Shell\AutoRun\command - "" = W:\Setup.exe
O33 - MountPoints2\{8ef958ca-961b-11e0-bdbf-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef958ca-961b-11e0-bdbf-00247eee1698}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{8ef958d7-961b-11e0-bdbf-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef958d7-961b-11e0-bdbf-00247eee1698}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{8ef958da-961b-11e0-bdbf-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef958da-961b-11e0-bdbf-00247eee1698}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{8ef958e3-961b-11e0-bdbf-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef958e3-961b-11e0-bdbf-00247eee1698}\Shell\AutoRun\command - "" = L:\RunGame.exe
O33 - MountPoints2\{8ef958e9-961b-11e0-bdbf-00247eee1698}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef958e9-961b-11e0-bdbf-00247eee1698}\Shell\AutoRun\command - "" = M:\Autorun.exe
O33 - MountPoints2\{a8a6292b-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a6292b-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{a8a62961-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a62961-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = W:\Autorun.exe
O33 - MountPoints2\{a8a62964-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a62964-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = X:\RunGame.exe
O33 - MountPoints2\{a8a6296c-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a6296c-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = X:\RunGame.exe
O33 - MountPoints2\{a8a6296d-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a6296d-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = Y:\Setup.exe
O33 - MountPoints2\{a8a62970-959e-11e0-a21e-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a62970-959e-11e0-a21e-002622994ba7}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{b09786f0-8daa-11e0-898d-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{b09786f0-8daa-11e0-898d-002622994ba7}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b09786f3-8daa-11e0-898d-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{b09786f3-8daa-11e0-898d-002622994ba7}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e08cdf1a-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf1a-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{e08cdf2c-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf2c-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{e08cdf2f-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf2f-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{e08cdf3a-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf3a-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{e08cdf3d-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf3d-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{e08cdf44-9558-11e0-a291-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{e08cdf44-9558-11e0-a291-002622994ba7}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{ede4f663-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f663-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{ede4f666-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f666-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{ede4f668-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f668-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{ede4f66a-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f66a-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = V:\RunGame.exe
O33 - MountPoints2\{ede4f674-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f674-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{ede4f677-9498-11e0-bd61-002622994ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{ede4f677-9498-11e0-bd61-002622994ba7}\Shell\AutoRun\command - "" = W:\RunGame.exe
O33 - MountPoints2\{f199f647-f380-11de-a052-8c723d2da163}\Shell - "" = AutoRun
O33 - MountPoints2\{f199f654-f380-11de-a052-8c723d2da163}\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\QsSetup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\QsSetup.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 17:04:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2011/12/28 09:00:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/27 22:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/12/27 22:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/27 21:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/27 21:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2011/12/27 21:11:56 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\IObit
[2011/12/27 21:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/12/10 15:08:50 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/10 15:08:50 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\FixTDSS
[2011/12/04 19:08:10 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Windows\Desktop\FixTDSS.exe
[2011/12/01 17:21:52 | 029,622,600 | ---- | C] (Rovio) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
[2011/12/01 17:21:48 | 001,491,216 | ---- | C] (Rovio Mobile) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasons.exe
[2011/11/30 12:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio

========== Files - Modified Within 30 Days ==========

[2011/12/28 18:28:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
[2011/12/28 18:10:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 17:35:55 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 17:35:55 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 17:34:15 | 000,007,607 | ---- | M] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2011/12/28 17:10:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 16:55:55 | 000,698,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 16:55:55 | 000,132,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 16:45:39 | 000,006,650 | ---- | M] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2011/12/28 16:35:08 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 16:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 16:34:44 | 1608,216,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 01:43:24 | 000,002,373 | ---- | M] () -- C:\Users\Windows\Desktop\Google Chrome.lnk
[2011/12/28 01:22:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
[2011/12/27 22:22:07 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
[2011/12/27 21:28:57 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWindows.job
[2011/12/27 21:12:01 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/12/27 21:11:58 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/12/20 21:40:56 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/11 07:43:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
[2011/12/05 21:20:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/04 19:14:25 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Windows\Desktop\FixTDSS.exe
[2011/12/04 13:42:04 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/12/04 00:37:04 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSEVEN-PC$.job
[2011/12/01 17:21:52 | 029,622,600 | ---- | M] (Rovio) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
[2011/12/01 17:21:48 | 001,491,216 | ---- | M] (Rovio Mobile) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasons.exe
[2011/11/30 12:50:24 | 000,001,641 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk

========== Files Created - No Company Name ==========

[2011/12/27 21:12:01 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/12/27 21:11:58 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/12/10 15:47:33 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForWindows.job
[2011/12/04 13:42:04 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/12/04 13:42:04 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/11/30 12:50:24 | 000,001,641 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/10/05 22:10:39 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/05 22:10:39 | 000,004,153 | ---- | C] () -- C:\Windows\unins000.dat
[2011/07/27 11:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{B5FDDFDB-1CEA-4BD4-ADDA-1A0FEC47C3CD}
[2011/06/30 23:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{8A69D9AB-51D4-4B6A-90FC-AAD3EFEF5A45}
[2011/05/30 11:13:33 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/05/30 11:13:28 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/05/30 11:13:24 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/05/30 11:13:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/05/09 07:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{1F8AA570-28C0-445A-B9AD-890D17541DC1}
[2011/04/27 14:27:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/27 14:25:32 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/04/27 14:25:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/03 13:11:57 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/02/26 07:58:43 | 000,000,064 | -H-- | C] () -- C:\Windows\pb.dat
[2011/01/10 11:23:38 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/09 18:28:32 | 000,000,000 | ---- | C] () -- C:\Windows\Player.INI
[2010/11/08 19:30:04 | 000,147,456 | ---- | C] () -- C:\Windows\autoclk.exe
[2010/11/08 19:30:04 | 000,049,152 | ---- | C] () -- C:\Windows\pnpclk.dll
[2010/10/15 15:48:50 | 000,001,227 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/10/15 15:36:21 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010/10/09 21:38:06 | 000,139,776 | ---- | C] () -- C:\Windows\System32\RTPScan.dll
[2010/10/09 21:38:06 | 000,133,632 | ---- | C] () -- C:\Windows\System32\PCMAVext.dll
[2010/08/01 22:56:10 | 000,000,045 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI
[2010/07/27 12:40:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/21 10:00:31 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/21 10:00:30 | 000,139,152 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\PnkBstrK.sys
[2010/07/21 10:00:19 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/07/21 10:00:14 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/07/21 10:00:14 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/07/10 14:30:21 | 000,003,584 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 09:30:35 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/26 22:59:07 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/19 11:32:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/02 19:17:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/04/05 13:03:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2010/03/05 20:57:58 | 000,000,990 | -HS- | C] () -- C:\Users\Windows\AppData\Roaming\systemfl.$dk
[2010/03/05 15:03:20 | 000,284,160 | R--- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010/02/27 14:48:03 | 000,007,607 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2010/01/09 19:27:17 | 000,000,008 | ---- | C] () -- C:\Windows\System32\F73859.bin
[2010/01/09 19:27:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\e9243f.bin
[2010/01/09 19:01:53 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/11/24 05:16:18 | 000,006,650 | ---- | C] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,698,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,132,610 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2007/11/15 08:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== LOP Check ==========

[2010/03/05 21:27:44 | 000,000,000 | -HSD | M] -- C:\Users\Windows\AppData\Roaming\.#
[2011/07/05 23:20:35 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\.minecraft
[2010/06/14 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\.purple
[2010/02/27 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\3M
[2010/06/26 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Artogon
[2011/12/27 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\BitTorrent
[2011/11/14 10:22:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Camfrog
[2010/07/28 16:01:08 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canon
[2009/12/17 22:26:43 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2010/03/08 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DriverCure
[2011/10/05 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FFSJ
[2011/12/10 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FixTDSS
[2011/09/05 20:44:38 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Flickr
[2010/03/03 21:45:24 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FreeFixer
[2011/02/28 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gamelab
[2010/02/27 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GetRightToGo
[2009/11/27 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GrabPro
[2010/01/05 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2011/03/16 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IBAGroup
[2011/12/27 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2011/10/24 17:05:47 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Money Manager Ex
[2010/10/15 18:43:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\MyHeritage
[2011/11/08 18:25:23 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\MyPhoneExplorer
[2010/10/07 19:13:18 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Opera
[2011/12/28 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Orbit
[2011/02/26 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Petbook
[2011/05/26 19:56:40 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PhotoScape
[2011/09/30 11:36:39 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Pogo Games
[2011/11/30 12:52:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Rovio
[2011/07/13 21:47:29 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Smadav
[2010/07/13 21:31:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Sony
[2011/01/12 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\SpinTop
[2011/01/31 13:40:03 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\SYSTEMAX Software Development
[2010/10/15 15:36:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2009/11/27 11:44:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\uTorrent
[2009/11/27 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\VitySoft
[2010/10/13 15:59:32 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\WebcamMax
[2011/11/28 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Wildfire
[2010/06/04 09:09:11 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\WinBatch
[2011/12/27 22:22:07 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
[2011/12/28 01:22:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
[2011/12/27 22:31:18 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/20 18:36:55 | 000,000,692 | ---- | M] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
[2010/10/13 08:20:16 | 000,000,692 | ---- | C] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 842 bytes -> C:\ProgramData\Temp:35E5AF34
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:CFA8C6E3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:3B5038B1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7E6454EB

< End of report >



Extras.txt generated by OTL:

OTL Extras logfile created on: 28/12/2011 18:31:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Windows\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.59% Memory free
3.99 Gb Paging File | 2.78 Gb Available in Paging File | 69.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 4.49 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 101.17 Gb Total Space | 7.98 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
Drive E: | 13.05 Gb Total Space | 2.03 Gb Free Space | 15.56% Space Free | Partition Type: NTFS
Drive G: | 62.60 Gb Total Space | 7.67 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
Drive H: | 62.67 Gb Total Space | 1.50 Gb Free Space | 2.39% Space Free | Partition Type: NTFS
Drive I: | 3.60 Gb Total Space | 0.52 Gb Free Space | 14.44% Space Free | Partition Type: FAT32

Computer Name: SEVEN-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06283453-7826-2168-5324-689421793582}" = MessengerData WMP Plugin
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{395AB8C5-F3A8-4380-8718-7A11EC5829F9}" = PHS100
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4933D2E2-B621-487F-A7E7-96DA7312BCFE}" = Angry Birds Rio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71381523-BEA1-4410-954E-36EEF570DBA8}_is1" = Empires & Allies version 2.2a
"{724D7BEE-883D-452E-B8DA-26E88343CAE9}" = ADSL MODEM USB Driver
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"5B73F775A90397BAF80173B8A6C0B327BE3872FB" = ENE CIR Receiver Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PC Tweaker_is1" = Advanced PC Tweaker v4.2
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AVerMedia TV Tuner Card" = AVerMedia TV Tuner Card 1.0.0.4
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CanonMyPrinter" = Canon Utilities My Printer
"cFosSpeed" = cFosSpeed v4.50
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Dapyx Messenger Archive_is1" = Dapyx Messenger Archive v1.02
"Dream Day Wedding - Viva Las Vegas 1.00" = Dream Day Wedding - Viva Las Vegas 1.00
"Dream Day Wedding Bella ItaliaJust For Fun Games" = Dream Day Wedding Bella ItaliaJust For Fun Games
"Dream Day Wedding Married in Manhattan" = Dream Day Wedding Married in Manhattan
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Family Tree Builder" = MyHeritage Family Tree Builder
"Fiddler2" = Fiddler2
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"GOM Player" = GOM Player
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"Latihan Soal CPNS4.5" = Latihan Soal CPNS
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LSI Soft Modem" = LSI HDA Modem
"Luxor" = Luxor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiniLyrics" = Minilyrics(remove only)
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Money Manager Ex_is1" = Money Manager Ex 0.9.5.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPE" = MyPhoneExplorer
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.52.1100" = Opera 11.52
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Pidgin" = Pidgin
"Pidgin-Musictracker" = Pidgin-Musictracker plugin (remove only)
"Plants Vs Zombies" = Plants Vs Zombies
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Recover My Files_is1" = Recover My Files
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"ST6UNST #1" = Simple Chat
"The Poppit Show 1.3.41o" = The Poppit Show 1.3.41o
"WebcamMax" = WebcamMax
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.22
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/12/2011 20:43:20 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 27/12/2011 20:43:20 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 27/12/2011 20:43:20 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 27/12/2011 20:43:20 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 27/12/2011 20:43:30 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 27/12/2011 20:43:30 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 27/12/2011 20:43:31 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 27/12/2011 20:43:31 | Computer Name = Seven-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 28/12/2011 05:31:09 | Computer Name = Seven-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1c30 Start Time:
01ccc53ff1ee6eb4 Termination Time: 6 Application Path: C:\Users\Windows\Desktop\OTL.exe

Report
Id: 9aecc2f4-3136-11e1-b938-002622994ba7

Error - 28/12/2011 06:36:24 | Computer Name = Seven-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Logged Actor
Process: C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 772) Time:
Wednesday, December 28, 2011 6:36:23 PM

[ Hewlett-Packard Events ]
Error - 31/10/2010 18:57:27 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 14/12/2010 02:40:57 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 19/12/2010 14:59:50 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 22/12/2010 20:27:21 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 19/03/2011 20:34:36 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.loadApplied(Boolean
bUseHistory) at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender,
RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 19/03/2011 20:34:53 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.loadApplied(Boolean
bUseHistory) at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender,
RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 20/04/2011 20:29:51 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 07/09/2011 20:29:15 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 15/09/2011 04:47:52 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/11/2011 04:02:43 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ Media Center Events ]
Error - 24/02/2011 01:56:40 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 1:56:40 PM - Error connecting to the internet. 1:56:40 PM - Unable
to contact server..

Error - 24/02/2011 01:57:00 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 1:56:45 PM - Error connecting to the internet. 1:56:45 PM - Unable
to contact server..

Error - 26/03/2011 09:37:35 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:37:30 PM - Error connecting to the internet. 9:37:31 PM - Unable
to contact server..

Error - 10/09/2011 03:18:20 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 3:18:19 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 25/09/2011 20:05:17 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 8:05:17 AM - Error connecting to the internet. 8:05:17 AM - Unable
to contact server..

Error - 26/09/2011 07:00:10 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 7:00:08 PM - Error connecting to the internet. 7:00:08 PM - Unable
to contact server..

Error - 02/10/2011 07:39:02 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 7:39:01 PM - Error connecting to the internet. 7:39:01 PM - Unable
to contact server..

Error - 18/10/2011 09:09:27 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:09:25 PM - Error connecting to the internet. 9:09:25 PM - Unable
to contact server..

Error - 23/10/2011 21:34:15 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:34:14 AM - Error connecting to the internet. 9:34:14 AM - Unable
to contact server..

Error - 03/11/2011 09:28:29 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:28:25 PM - Error connecting to the internet. 9:28:25 PM - Unable
to contact server..

[ OSession Events ]
Error - 14/01/2010 03:48:57 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 856 seconds with 540 seconds of active time. This session ended with a crash.

Error - 02/08/2011 02:21:28 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22357
seconds with 11160 seconds of active time. This session ended with a crash.

Error - 18/10/2011 21:59:21 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/12/2011 04:35:24 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 28/12/2011 04:35:24 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 28/12/2011 04:35:25 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 28/12/2011 04:37:10 | Computer Name = Seven-PC | Source = PNRPSvc | ID = 102
Description =

Error - 28/12/2011 04:37:10 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 28/12/2011 04:46:09 | Computer Name = Seven-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 28/12/2011 05:35:36 | Computer Name = Seven-PC | Source = Application Popup | ID = 875
Description = Driver COH_Mon.sys has been blocked from loading.

Error - 28/12/2011 05:35:36 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 28/12/2011 06:30:47 | Computer Name = Seven-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 28/12/2011 06:35:44 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275


< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Please just copy and paste your logs. Do not use spoiler.


ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan, click Save log, save it to your desktop and post it in your next reply. Note whether the Fix button (not the FixMBR button) is enabled and tell me.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then click Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach it to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0
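The last step above asks for the partition sizes shown in Disk Management. As an added example, not part of RKinner's instructions, the following PowerShell script lists the same layout as text (disk, partition index and type, start offset and size in MB, bootable flag, mapped drive letters, and any space left after the last partition) using only the WMI classes present on Windows 7. Drop-in assumption: it is run from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not part of RKinner's instructions): print the partition layout
# that Disk Management shows, as text, so partition sizes can be pasted into a reply.
# Uses only WMI classes available on Windows 7 / PowerShell 2.0.
# Run from an elevated PowerShell prompt (right-click, Run as Administrator).

function Get-PartitionLayout {
    $rows = @()
    foreach ($disk in (Get-WmiObject Win32_DiskDrive | Sort-Object Index)) {
        $diskBytes = [int64]$disk.Size
        $lastEnd   = [int64]0

        $parts = Get-WmiObject Win32_DiskPartition -Filter "DiskIndex=$($disk.Index)" |
                 Sort-Object StartingOffset
        foreach ($p in $parts) {
            # Drive letters (logical disks) mapped onto this partition, if any.
            $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='" + $p.DeviceID + "'} " +
                     "WHERE AssocClass=Win32_LogicalDiskToPartition"
            $letters = @(Get-WmiObject -Query $query | ForEach-Object { $_.DeviceID })

            $end = [int64]$p.StartingOffset + [int64]$p.Size
            if ($end -gt $lastEnd) { $lastEnd = $end }

            # No drive letter is normal for the small "System Reserved" partition
            # Windows 7 creates; any other partition without one deserves a look.
            $note = ''
            if ($letters.Count -eq 0) { $note = 'no drive letter' }

            $rows += New-Object PSObject -Property @{
                Disk      = $disk.Index
                Model     = $disk.Model
                Partition = $p.Index
                Type      = $p.Type
                StartMB   = [math]::Round([int64]$p.StartingOffset / 1MB)
                SizeMB    = [math]::Round([int64]$p.Size / 1MB)
                Bootable  = [bool]$p.Bootable
                Letters   = ($letters -join ',')
                Note      = $note
            }
        }

        # Space after the last partition. A few MB of alignment slack is normal;
        # a larger region the partition table does not account for is worth reporting.
        $tailMB = [math]::Round(($diskBytes - $lastEnd) / 1MB)
        if ($tailMB -gt 16) {
            $rows += New-Object PSObject -Property @{
                Disk      = $disk.Index
                Model     = $disk.Model
                Partition = '-'
                Type      = 'unallocated'
                StartMB   = [math]::Round($lastEnd / 1MB)
                SizeMB    = $tailMB
                Bootable  = $false
                Letters   = ''
                Note      = 'space after last partition'
            }
        }
    }
    # Select-Object fixes the column order (hashtable order is not preserved in PS 2.0).
    $rows | Select-Object Disk, Model, Partition, Type, StartMB, SizeMB, Bootable, Letters, Note
}

Get-PartitionLayout | Format-Table -AutoSize
```

Win32_DiskDrive reports a cylinder-rounded size, so the trailing figure can be off by a few MB; treat it as a pointer to what to compare against the Disk Management view, not an exact number.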

#3
chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for your reply :)

When running ComboFix, I got error messages saying "Freeware implementation of XCACLS has stopped working" twice, but the scan kept running; then it found a rootkit infection and alerted that the computer needed to reboot. After the reboot, once the initial scan was complete, it said it needed to run a deeper scan. After finishing that, the computer was rebooted again, then it finished and produced a log.

Here's the ComboFix log:

ComboFix 11-12-28.03 - Windows 29/12/2011 9:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2045.770 [GMT 8:00]
Running from: c:\users\Windows\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\users\Windows\AppData\Roaming\.#
c:\users\Windows\AppData\Roaming\3M
c:\users\Windows\AppData\Roaming\3M\PDNotes\PDNDB
c:\users\Windows\AppData\Roaming\3M\PDNotes\PDNDB.ldb
c:\users\Windows\AppData\Roaming\3M\PDNotes\Subscriptions.config
c:\users\Windows\AppData\Roaming\AngryBirdsSeasons.exe
c:\users\Windows\AppData\Roaming\FFSJ
c:\users\Windows\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\$NtUninstallKB44520$\1195399385
c:\windows\$NtUninstallKB44520$\861118139\@
c:\windows\$NtUninstallKB44520$\861118139\bckfg.tmp
c:\windows\$NtUninstallKB44520$\861118139\cfg.ini
c:\windows\$NtUninstallKB44520$\861118139\Desktop.ini
c:\windows\$NtUninstallKB44520$\861118139\keywords
c:\windows\$NtUninstallKB44520$\861118139\kwrd.dll
c:\windows\$NtUninstallKB44520$\861118139\L\xadqgnnk
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\$NtUninstallKB44520$\861118139\U\[email protected]
c:\windows\iun6002.exe
c:\windows\$NtUninstallKB44520$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 01:44 . 2011-12-29 01:49 -------- d-----w- c:\users\Windows\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\users\Bagian Keuangan\AppData\Local\temp
2011-12-29 01:44 . 2011-12-29 01:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-29 01:33 . 2011-12-29 01:33 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-12-29 01:11 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-29 00:39 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 09:18 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-12-28 09:18 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-12-27 17:18 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-27 17:05 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-27 17:05 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-27 17:05 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-27 17:05 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-27 17:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-27 17:01 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-27 17:01 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-27 17:01 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-27 16:55 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-12-27 16:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-27 14:11 . 2011-12-27 14:11 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Application Updater
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-27 13:49 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-12-27 13:47 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-27 13:14 . 2011-12-27 13:14 -------- d-----w- c:\programdata\IObit
2011-12-27 13:11 . 2011-12-27 13:11 -------- d-----w- c:\users\Windows\AppData\Roaming\IObit
2011-12-27 13:11 . 2011-12-27 13:11 -------- d-----w- c:\program files\IObit
2011-12-27 11:50 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-10 07:08 . 2011-12-20 13:40 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-10 07:08 . 2011-12-10 07:08 -------- d-----w- c:\users\Windows\AppData\Roaming\FixTDSS
2011-12-01 09:21 . 2011-12-01 09:21 29622600 ----a-w- c:\users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 01:14 . 2011-05-19 23:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25 . 2011-12-27 17:05 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26 . 2011-12-27 17:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:39 . 2011-12-28 01:19 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-10-26 04:47 . 2011-12-27 15:46 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47 . 2011-12-27 15:46 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-05 14:10 . 2011-10-05 14:10 794906 ----a-w- c:\windows\unins000.exe
2011-10-02 21:06 . 2010-04-28 12:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-11 03:41 . 2011-05-11 03:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . 046BE59748E24BEF1F610DDB1240A4E8 . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . 046BE59748E24BEF1F610DDB1240A4E8 . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
[-] 2011-05-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 04:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 04:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"WebcamMaxAutoRun"="g:\photo editor\WebcamMax\WebcamMax.exe" [2010-10-13 6046960]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-08 221184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-21 137536]
"MyWirelessCard"="c:\program files\PROLINK\PHS100\PROLINK HSDPA Modem.exe" [2010-10-12 2043904]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-27 619352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-10 876760]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"LFService"="c:\program files\Lock Folder XP\LFService.exe" [2009-07-23 40960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
.
c:\users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 19:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-21 04:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 599344]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-19 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-23 116136]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 17408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TIDHOOK;TIDHOOK;c:\users\Windows\AppData\Local\Temp\fxxoksm8.tmp\tidhook.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USB_RNDIS_51;%USBServiceDisplayName%;c:\windows\system32\DRIVERS\usb8023.sys [2009-07-13 15872]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-28 1343400]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-12-20 26872]
S0 LFSys;LFSys;c:\windows\System32\Drivers\LFSys.sys [2009-07-09 77312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-27 494424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-05-15 107616]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-15 106104]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
S3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\plkusbser.sys [2008-01-23 99456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [2009-03-25 2340224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 03:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
- c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:17]
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
- c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:17]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:54]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:54]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
- c:\users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 13:02]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
- c:\users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 13:02]
.
2011-12-03 c:\windows\Tasks\HPCeeScheduleForSEVEN-PC$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForWindows.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.dapyx.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A98DCD0E-AC95-439D-AF39-F6F059F4C521}\86F64756C6020716255602759637144716: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\tbd7h4k8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.http - 110.8.253.100
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-Symantec Antvirus
AddRemove-Advanced PC Tweaker_is1 - c:\program files\Advanced PC Tweaker\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3626651802-3374829526-3147755075-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5863CD10-1023-8CED-6756-D963894E948C}*]
"manbamldlpfipdaodophomkcci"=hex:61,61,00,00
"abacjmjemopampobliiiakanjokadidcge"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000054
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0029\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0030\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0031\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0032\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0033\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0034\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0035\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\dbbmn\bin\mysqld.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Smadav\SMΔRTP.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-29 09:57:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 01:57
.
Pre-Run: 3,589,967,872 bytes free
Post-Run: 3,119,927,296 bytes free
.
- - End Of File - - 10BE4D12DD1C09861426D75D73B49F4C

.
#4 chelsq (Topic Starter)
TDSSKiller log:


11:46:06.0960 3256 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:46:08.0963 3256 ============================================================
11:46:08.0963 3256 Current date / time: 2011/12/29 11:46:08.0963
11:46:08.0963 3256 SystemInfo:
11:46:08.0963 3256
11:46:08.0963 3256 OS Version: 6.1.7601 ServicePack: 1.0
11:46:08.0963 3256 Product type: Workstation
11:46:08.0963 3256 ComputerName: SEVEN-PC
11:46:08.0963 3256 UserName: Windows
11:46:08.0963 3256 Windows directory: C:\Windows
11:46:08.0963 3256 System windows directory: C:\Windows
11:46:08.0963 3256 Processor architecture: Intel x86
11:46:08.0963 3256 Number of processors: 2
11:46:08.0963 3256 Page size: 0x1000
11:46:08.0963 3256 Boot type: Normal boot
11:46:08.0963 3256 ============================================================
11:46:10.0291 3256 Initialize success
11:46:13.0539 2604 ============================================================
11:46:13.0539 2604 Scan started
11:46:13.0539 2604 Mode: Manual;
11:46:13.0539 2604 ============================================================
11:46:13.0754 2604 1394ohci - ok
11:46:13.0763 2604 Accelerometer - ok
11:46:13.0769 2604 ACPI - ok
11:46:13.0775 2604 AcpiPmi - ok
11:46:13.0785 2604 adp94xx - ok
11:46:13.0792 2604 adpahci - ok
11:46:13.0798 2604 adpu320 - ok
11:46:13.0845 2604 AFD - ok
11:46:13.0854 2604 AgereSoftModem - ok
11:46:13.0859 2604 agp440 - ok
11:46:13.0865 2604 aic78xx - ok
11:46:13.0873 2604 aliide - ok
11:46:13.0880 2604 amdagp - ok
11:46:13.0885 2604 amdide - ok
11:46:13.0891 2604 AmdK8 - ok
11:46:13.0898 2604 AmdPPM - ok
11:46:13.0904 2604 amdsata - ok
11:46:13.0910 2604 amdsbs - ok
11:46:13.0915 2604 amdxata - ok
11:46:13.0921 2604 ApfiltrService - ok
11:46:13.0930 2604 AppID - ok
11:46:14.0024 2604 arc - ok
11:46:14.0030 2604 arcsas - ok
11:46:14.0050 2604 AsyncMac - ok
11:46:14.0056 2604 atapi - ok
11:46:14.0071 2604 b06bdrv - ok
11:46:14.0077 2604 b57nd60x - ok
11:46:14.0087 2604 BazisVirtualCDBus - ok
11:46:14.0101 2604 BCM43XX - ok
11:46:14.0110 2604 Beep - ok
11:46:14.0119 2604 blbdrive - ok
11:46:14.0125 2604 bowser - ok
11:46:14.0131 2604 BrFiltLo - ok
11:46:14.0137 2604 BrFiltUp - ok
11:46:14.0146 2604 Brserid - ok
11:46:14.0153 2604 BrSerWdm - ok
11:46:14.0158 2604 BrUsbMdm - ok
11:46:14.0170 2604 BrUsbSer - ok
11:46:14.0177 2604 BthEnum - ok
11:46:14.0183 2604 BTHMODEM - ok
11:46:14.0189 2604 BthPan - ok
11:46:14.0197 2604 BTHPORT - ok
11:46:14.0208 2604 BTHUSB - ok
11:46:14.0224 2604 catchme - ok
11:46:14.0235 2604 cdfs - ok
11:46:14.0241 2604 cdrom - ok
11:46:14.0250 2604 cFosSpeed - ok
11:46:14.0258 2604 circlass - ok
11:46:14.0265 2604 CLFS - ok
11:46:14.0276 2604 CmBatt - ok
11:46:14.0282 2604 cmdide - ok
11:46:14.0288 2604 CNG - ok
11:46:14.0295 2604 COH_Mon - ok
11:46:14.0303 2604 Compbatt - ok
11:46:14.0309 2604 CompositeBus - ok
11:46:14.0318 2604 crcdisk - ok
11:46:14.0330 2604 CSC - ok
11:46:14.0347 2604 DfsC - ok
11:46:14.0356 2604 discache - ok
11:46:14.0362 2604 Disk - ok
11:46:14.0373 2604 dot4 - ok
11:46:14.0380 2604 Dot4Print - ok
11:46:14.0385 2604 dot4usb - ok
11:46:14.0395 2604 drmkaud - ok
11:46:14.0400 2604 DXGKrnl - ok
11:46:14.0409 2604 ebdrv - ok
11:46:14.0418 2604 eeCtrl - ok
11:46:14.0432 2604 elxstor - ok
11:46:14.0437 2604 enecir - ok
11:46:14.0443 2604 EraserUtilRebootDrv - ok
11:46:14.0450 2604 ErrDev - ok
11:46:14.0506 2604 exfat - ok
11:46:14.0513 2604 fastfat - ok
11:46:14.0524 2604 fdc - ok
11:46:14.0539 2604 FileInfo - ok
11:46:14.0546 2604 Filetrace - ok
11:46:14.0550 2604 FixTDSS - ok
11:46:14.0557 2604 flpydisk - ok
11:46:14.0564 2604 FltMgr - ok
11:46:14.0577 2604 FsDepends - ok
11:46:14.0584 2604 Fs_Rec - ok
11:46:14.0591 2604 fvevol - ok
11:46:14.0598 2604 gagp30kx - ok
11:46:14.0619 2604 hcw85cir - ok
11:46:14.0625 2604 HdAudAddService - ok
11:46:14.0633 2604 HDAudBus - ok
11:46:14.0640 2604 HidBatt - ok
11:46:14.0646 2604 HidBth - ok
11:46:14.0653 2604 HidIr - ok
11:46:14.0700 2604 HidUsb - ok
11:46:14.0717 2604 hpdskflt - ok
11:46:14.0723 2604 HpqKbFiltr - ok
11:46:14.0731 2604 HpSAMD - ok
11:46:14.0743 2604 HTTP - ok
11:46:14.0751 2604 hwdatacard - ok
11:46:14.0757 2604 hwpolicy - ok
11:46:14.0770 2604 i8042prt - ok
11:46:14.0775 2604 iaStorV - ok
11:46:14.0784 2604 iirsp - ok
11:46:14.0799 2604 intelide - ok
11:46:14.0805 2604 intelppm - ok
11:46:14.0814 2604 IpFilterDriver - ok
11:46:14.0822 2604 IPMIDRV - ok
11:46:14.0829 2604 IPNAT - ok
11:46:14.0835 2604 IRENUM - ok
11:46:14.0840 2604 isapnp - ok
11:46:14.0846 2604 iScsiPrt - ok
11:46:14.0852 2604 JMCR - ok
11:46:14.0858 2604 kbdclass - ok
11:46:14.0864 2604 kbdhid - ok
11:46:14.0872 2604 KSecDD - ok
11:46:14.0878 2604 KSecPkg - ok
11:46:14.0896 2604 LFSys - ok
11:46:14.0907 2604 lltdio - ok
11:46:14.0921 2604 LSI_FC - ok
11:46:14.0927 2604 LSI_SAS - ok
11:46:14.0933 2604 LSI_SAS2 - ok
11:46:14.0939 2604 LSI_SCSI - ok
11:46:14.0945 2604 luafv - ok
11:46:14.0953 2604 megasas - ok
11:46:14.0959 2604 MegaSR - ok
11:46:14.0971 2604 Modem - ok
11:46:14.0976 2604 monitor - ok
11:46:14.0983 2604 mouclass - ok
11:46:14.0988 2604 mouhid - ok
11:46:14.0994 2604 mountmgr - ok
11:46:15.0000 2604 mpio - ok
11:46:15.0006 2604 mpsdrv - ok
11:46:15.0012 2604 MRxDAV - ok
11:46:15.0018 2604 mrxsmb - ok
11:46:15.0023 2604 mrxsmb10 - ok
11:46:15.0030 2604 mrxsmb20 - ok
11:46:15.0035 2604 msahci - ok
11:46:15.0041 2604 msdsm - ok
11:46:15.0055 2604 Msfs - ok
11:46:15.0061 2604 mshidkmdf - ok
11:46:15.0068 2604 msisadrv - ok
11:46:15.0079 2604 MSKSSRV - ok
11:46:15.0085 2604 MSPCLOCK - ok
11:46:15.0091 2604 MSPQM - ok
11:46:15.0097 2604 MsRPC - ok
11:46:15.0105 2604 mssmbios - ok
11:46:15.0111 2604 MSTEE - ok
11:46:15.0117 2604 MTConfig - ok
11:46:15.0123 2604 Mup - ok
11:46:15.0128 2604 mvusbews - ok
11:46:15.0140 2604 NativeWifiP - ok
11:46:15.0147 2604 NAVENG - ok
11:46:15.0152 2604 NAVEX15 - ok
11:46:15.0159 2604 NDIS - ok
11:46:15.0203 2604 NdisCap - ok
11:46:15.0209 2604 NdisTapi - ok
11:46:15.0216 2604 Ndisuio - ok
11:46:15.0223 2604 NdisWan - ok
11:46:15.0228 2604 NDProxy - ok
11:46:15.0235 2604 NetBIOS - ok
11:46:15.0241 2604 NetBT - ok
11:46:15.0259 2604 nfrd960 - ok
11:46:15.0268 2604 Npfs - ok
11:46:15.0277 2604 nsiproxy - ok
11:46:15.0285 2604 Ntfs - ok
11:46:15.0292 2604 Null - ok
11:46:15.0298 2604 NVHDA - ok
11:46:15.0304 2604 nvlddmkm - ok
11:46:15.0310 2604 nvraid - ok
11:46:15.0316 2604 nvstor - ok
11:46:15.0324 2604 nv_agp - ok
11:46:15.0334 2604 ohci1394 - ok
11:46:15.0366 2604 Parport - ok
11:46:15.0371 2604 partmgr - ok
11:46:15.0377 2604 Parvdm - ok
11:46:15.0387 2604 pci - ok
11:46:15.0392 2604 pciide - ok
11:46:15.0399 2604 pcmcia - ok
11:46:15.0405 2604 pcw - ok
11:46:15.0410 2604 PEAUTH - ok
11:46:15.0433 2604 plkusbser - ok
11:46:15.0460 2604 PptpMiniport - ok
11:46:15.0466 2604 Processor - ok
11:46:15.0477 2604 Psched - ok
11:46:15.0483 2604 ql2300 - ok
11:46:15.0489 2604 ql40xx - ok
11:46:15.0500 2604 QWAVEdrv - ok
11:46:15.0506 2604 RasAcd - ok
11:46:15.0511 2604 RasAgileVpn - ok
11:46:15.0522 2604 Rasl2tp - ok
11:46:15.0531 2604 RasPppoe - ok
11:46:15.0537 2604 RasSstp - ok
11:46:15.0542 2604 rdbss - ok
11:46:15.0549 2604 rdpbus - ok
11:46:15.0555 2604 RDPCDD - ok
11:46:15.0564 2604 RDPDR - ok
11:46:15.0570 2604 RDPENCDD - ok
11:46:15.0578 2604 RDPREFMP - ok
11:46:15.0588 2604 RdpVideoMiniport - ok
11:46:15.0593 2604 RDPWD - ok
11:46:15.0601 2604 rdyboost - ok
11:46:15.0636 2604 RFCOMM - ok
11:46:15.0641 2604 RimUsb - ok
11:46:15.0656 2604 rspndr - ok
11:46:15.0661 2604 RTL8167 - ok
11:46:15.0669 2604 s1039bus - ok
11:46:15.0674 2604 s1039mdfl - ok
11:46:15.0681 2604 s1039mdm - ok
11:46:15.0687 2604 s1039mgmt - ok
11:46:15.0692 2604 s1039nd5 - ok
11:46:15.0700 2604 s1039obex - ok
11:46:15.0706 2604 s1039unic - ok
11:46:15.0712 2604 s3cap - ok
11:46:15.0722 2604 sbp2port - ok
11:46:15.0755 2604 scfilter - ok
11:46:15.0788 2604 sdbus - ok
11:46:15.0820 2604 secdrv - ok
11:46:15.0835 2604 Serenum - ok
11:46:15.0840 2604 Serial - ok
11:46:15.0847 2604 sermouse - ok
11:46:15.0864 2604 sffdisk - ok
11:46:15.0870 2604 sffp_mmc - ok
11:46:15.0876 2604 sffp_sd - ok
11:46:15.0882 2604 sfloppy - ok
11:46:15.0941 2604 sisagp - ok
11:46:15.0953 2604 SiSRaid2 - ok
11:46:15.0959 2604 SiSRaid4 - ok
11:46:15.0973 2604 Smb - ok
11:46:16.0032 2604 SPBBCDrv - ok
11:46:16.0039 2604 spldr - ok
11:46:16.0068 2604 SPUVCbv - ok
11:46:16.0073 2604 SRTSP - ok
11:46:16.0080 2604 SRTSPL - ok
11:46:16.0086 2604 SRTSPX - ok
11:46:16.0091 2604 srv - ok
11:46:16.0097 2604 srv2 - ok
11:46:16.0104 2604 srvnet - ok
11:46:16.0134 2604 stexstor - ok
11:46:16.0139 2604 STHDA - ok
11:46:16.0149 2604 storflt - ok
11:46:16.0155 2604 storvsc - ok
11:46:16.0161 2604 swenum - ok
11:46:16.0178 2604 SymEvent - ok
11:46:16.0184 2604 SYMREDRV - ok
11:46:16.0190 2604 SYMTDI - ok
11:46:16.0196 2604 Synth3dVsc - ok
11:46:16.0205 2604 SysPlant - ok
11:46:16.0213 2604 tap0901 - ok
11:46:16.0226 2604 Tcpip - ok
11:46:16.0232 2604 TCPIP6 - ok
11:46:16.0246 2604 tcpipreg - ok
11:46:16.0257 2604 TDPIPE - ok
11:46:16.0262 2604 TDTCP - ok
11:46:16.0268 2604 tdx - ok
11:46:16.0274 2604 Teefer2 - ok
11:46:16.0280 2604 TermDD - ok
11:46:16.0294 2604 TIDHOOK - ok
11:46:16.0319 2604 tssecsrv - ok
11:46:16.0324 2604 TsUsbFlt - ok
11:46:16.0330 2604 tsusbhub - ok
11:46:16.0336 2604 tunnel - ok
11:46:16.0342 2604 uagp35 - ok
11:46:16.0356 2604 udfs - ok
11:46:16.0374 2604 uliagpkx - ok
11:46:16.0389 2604 umbus - ok
11:46:16.0394 2604 UmPass - ok
11:46:16.0405 2604 usbccgp - ok
11:46:16.0411 2604 usbcir - ok
11:46:16.0424 2604 usbehci - ok
11:46:16.0428 2604 usbhub - ok
11:46:16.0434 2604 usbohci - ok
11:46:16.0440 2604 usbprint - ok
11:46:16.0457 2604 usbscan - ok
11:46:16.0460 2604 USBSTOR - ok
11:46:16.0466 2604 usbuhci - ok
11:46:16.0472 2604 usbvideo - ok
11:46:16.0478 2604 USB_RNDIS_51 - ok
11:46:16.0490 2604 vdrvroot - ok
11:46:16.0502 2604 vga - ok
11:46:16.0508 2604 VgaSave - ok
11:46:16.0514 2604 VGPU - ok
11:46:16.0520 2604 vhdmp - ok
11:46:16.0525 2604 viaagp - ok
11:46:16.0531 2604 ViaC7 - ok
11:46:16.0537 2604 viaide - ok
11:46:16.0543 2604 vmbus - ok
11:46:16.0549 2604 VMBusHID - ok
11:46:16.0554 2604 volmgr - ok
11:46:16.0561 2604 volmgrx - ok
11:46:16.0567 2604 volsnap - ok
11:46:16.0573 2604 vsmraid - ok
11:46:16.0581 2604 vwifibus - ok
11:46:16.0587 2604 vwififlt - ok
11:46:16.0593 2604 vwifimp - ok
11:46:16.0599 2604 w200bus - ok
11:46:16.0605 2604 w200mdfl - ok
11:46:16.0611 2604 w200mdm - ok
11:46:16.0617 2604 w200mgmt - ok
11:46:16.0623 2604 w200obex - ok
11:46:16.0634 2604 WacomPen - ok
11:46:16.0640 2604 WANARP - ok
11:46:16.0646 2604 Wanarpv6 - ok
11:46:16.0669 2604 Wd - ok
11:46:16.0675 2604 Wdf01000 - ok
11:46:16.0719 2604 WfpLwf - ok
11:46:16.0733 2604 WIMMount - ok
11:46:16.0766 2604 WinUsb - ok
11:46:16.0800 2604 WmiAcpi - ok
11:46:16.0833 2604 WPS - ok
11:46:16.0839 2604 WpsHelper - ok
11:46:16.0844 2604 ws2ifsl - ok
11:46:16.0908 2604 WudfPf - ok
11:46:16.0913 2604 WUDFRd - ok
11:46:16.0958 2604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:46:17.0011 2604 \Device\Harddisk0\DR0 - ok
11:46:17.0012 2604 ============================================================
11:46:17.0012 2604 Scan finished
11:46:17.0012 2604 ============================================================
11:46:17.0025 5628 Detected object count: 0
11:46:17.0025 5628 Actual detected object count: 0
11:46:29.0804 2400 Deinitialize success


aswMBR log:


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-29 11:47:40
-----------------------------
11:47:40.392 OS Version: Windows 6.1.7601 Service Pack 1
11:47:40.392 Number of processors: 2 586 0x170A
11:47:40.393 ComputerName: SEVEN-PC UserName: Windows
11:48:00.454 Initialize success
11:49:13.348 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:49:13.350 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
11:49:15.376 Disk 0 MBR read successfully
11:49:15.379 Disk 0 MBR scan
11:49:15.381 Disk 0 Windows 7 default MBR code
11:49:15.384 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
11:49:15.414 Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048
11:49:15.422 Disk 0 Partition 3 00 42 SFS NTFS 59900 MB offset 206848
11:49:15.443 Disk 0 Partition 4 00 42 SFS NTFS 245243 MB offset 122882048
11:49:15.448 Disk 0 scanning sectors +625140400
11:49:15.478 Disk 0 scanning C:\Windows\system32\drivers
11:49:15.484 Service scanning
11:49:19.653 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
11:49:19.716 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
11:49:20.712 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
11:49:20.719 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
11:49:21.290 Modules scanning
11:49:22.912 Scan finished successfully
11:49:53.259 Disk 0 MBR has been saved successfully to "C:\Users\Windows\Desktop\MBR.dat"
11:49:53.267 The log file has been saved successfully to "C:\Users\Windows\Desktop\aswMBR.txt"

Malwarebytes' log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Windows :: SEVEN-PC [administrator]

29/12/2011 11:51:18
mbam-log-2011-12-29 (11-51-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257554
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
c:\users\public\documents\my pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
c:\users\public\documents\my pictures\my pictures.exe (Worm.AutoRun) -> Delete on reboot.
c:\users\public\documents\my pictures\my pictures.url (Trojan.Zlob) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\water lilies.exe (Trojan.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\winter.exe (Trojan.Xanib) -> Delete on reboot.
c:\users\public\documents\my pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
c:\users\windows\downloads\adobeflashplayerhd.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\users\public\pictures\cool profile pics\cool profile pics.exe (Trojan.Agent) -> Delete on reboot.

(end)
#5 chelsq (Topic Starter)
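Added here as a worked example for readers of this thread; it is not code from the posts above nor from ComboFix, aswMBR, TDSSKiller or Malwarebytes. It is a small Python triage script run over excerpts copied from the logs posted so far: it flags the IE start pages that ComboFix shows pointing at search.dapyx.com and search.myheritage.com, reports the Firefox proxy entry (110.8.253.100:8080, dormant because network.proxy.type is 0, which means a direct connection), lists the services aswMBR marked **LOCKED**, and marks the Malwarebytes hits whose executable is named exactly like its parent folder (the usual autorun-worm decoy). The EXPECTED_SEARCH_HOSTS set is an assumption made for the example, based on the hosts the user's own homepage and search prefs point at.

```python
"""Triage of the ComboFix, aswMBR and Malwarebytes logs posted above.
Added example, not code from the thread or from any of the tools; the sample
lines are excerpts copied from the posted logs so the script runs offline."""
import re

# Assumption for the example: hosts this user's own home/search pages point at.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.facebook.com", "id.search.yahoo.com"}

# ComboFix "Supplementary Scan" excerpt ("hxxp" is ComboFix's defanged "http").
COMBOFIX_LINES = r"""
uStart Page = hxxp://search.dapyx.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: network.proxy.http - 110.8.253.100
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
""".strip().splitlines()

# aswMBR service-scan excerpt.
ASWMBR_LINES = r"""
11:49:15.381 Disk 0 Windows 7 default MBR code
11:49:19.653 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
11:49:19.716 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
""".strip().splitlines()

# Malwarebytes "Files Detected" excerpt.
MBAM_LINES = r"""
c:\users\public\documents\my pictures\my pictures.exe (Worm.AutoRun) -> Delete on reboot.
c:\users\public\documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> Delete on reboot.
c:\users\public\pictures\cool profile pics\cool profile pics.exe (Trojan.Agent) -> Delete on reboot.
c:\users\windows\downloads\adobeflashplayerhd.exe (Trojan.FakeAlert) -> Delete on reboot.
""".strip().splitlines()

START_PAGE_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Default_Search_URL|SearchAssistant)) = hxxp://(?P<host>[^/\s]+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>[\w.]+) - (?P<value>.*)$")
LOCKED_RE = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")


def hijacked_start_pages(lines):
    """IE start/search entries (u = current user, m = machine) that point at
    a host the user would not have chosen."""
    hits = []
    for line in lines:
        m = START_PAGE_RE.match(line)
        if m and m.group("host").lower() not in EXPECTED_SEARCH_HOSTS:
            hits.append((m.group("key"), m.group("host").lower()))
    return hits


def firefox_proxy(lines):
    """Collect network.proxy.* prefs.  A manual proxy only takes effect when
    network.proxy.type is 1; type 0 means direct, so a leftover host:port is
    dormant but still worth reporting."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line)
        if m and m.group("name").startswith("network.proxy."):
            prefs[m.group("name")] = m.group("value").strip()
    return {"host": prefs.get("network.proxy.http"),
            "port": prefs.get("network.proxy.http_port"),
            "active": prefs.get("network.proxy.type") == "1"}


def locked_services(lines):
    """Services aswMBR could not open; check them against known vendor
    drivers before treating them as rootkit components."""
    return [(m.group("name"), m.group("path")) for m in map(LOCKED_RE.match, lines) if m]


def mbam_detections(lines):
    """Parse detections and flag 'folder mimic' executables: an .exe named
    exactly like its parent folder, the classic autorun-worm decoy."""
    found = []
    for line in lines:
        m = MBAM_RE.match(line)
        if not m:
            continue
        parts = m.group("path").lower().split("\\")
        name = parts[-1]
        parent = parts[-2] if len(parts) > 1 else ""
        found.append({"path": m.group("path"), "family": m.group("family"),
                      "in_public": "\\users\\public\\" in m.group("path").lower(),
                      "folder_mimic": name.endswith(".exe") and name[:-4] == parent})
    return found


def triage():
    """Everything a helper would want to see at a glance."""
    return {"start_pages": hijacked_start_pages(COMBOFIX_LINES),
            "ff_proxy": firefox_proxy(COMBOFIX_LINES),
            "locked": locked_services(ASWMBR_LINES),
            "mbam": mbam_detections(MBAM_LINES)}


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Reading the result against the logs: the four services aswMBR reports as locked (SysPlant, Teefer2, WPS, WpsHelper) are Symantec Endpoint Protection's own firewall and NDIS filter drivers, so the lock reflects SEP's self-protection rather than a rootkit, and both TDSSKiller and aswMBR report the MBR as stock Windows 7 code. The hijacked start pages, the stale proxy entry and the executables dropped into the Public picture folders are the findings actually worth acting on.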
OTL.txt


OTL logfile created on: 29/12/2011 12:19:20 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Windows\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.35% Memory free
3.99 Gb Paging File | 2.71 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 3.06 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
Drive D: | 101.17 Gb Total Space | 16.07 Gb Free Space | 15.89% Space Free | Partition Type: NTFS
Drive E: | 13.05 Gb Total Space | 2.04 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 62.60 Gb Total Space | 9.48 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive H: | 62.67 Gb Total Space | 6.46 Gb Free Space | 10.31% Space Free | Partition Type: NTFS

Computer Name: SEVEN-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 23:11:24 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/27 23:11:24 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/20 18:36:54 | 001,503,232 | ---- | M] (Smadsoft) -- C:\Program Files\Smadav\SMΔRTP.exe
PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/10/16 21:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/14 13:26:56 | 000,428,544 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 20:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/10/12 15:55:24 | 002,043,904 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\PROLINK HSDPA Modem.exe
PRC - [2010/06/02 19:15:58 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/04/08 04:57:42 | 000,099,896 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/09/22 11:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/07/27 02:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/23 16:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Lock Folder XP\LFService.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009/02/10 12:02:28 | 000,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2009/02/10 12:02:24 | 000,876,760 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2008/12/09 13:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/09 13:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2007/07/06 13:24:54 | 005,730,304 | ---- | M] () -- c:\Program Files\dbbmn\bin\mysqld.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/28 18:46:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/12/28 16:41:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/12/28 16:40:48 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/12/28 16:40:28 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011/12/28 16:40:25 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/12/28 16:39:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/12/28 16:39:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/12/28 16:39:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/12/28 16:38:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/12/28 16:38:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/12/28 16:38:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/12/28 16:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/12/28 16:37:46 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/28 16:37:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/20 18:36:54 | 001,503,232 | ---- | M] () -- C:\Program Files\Smadav\SM?RTP.exe
MOD - [2011/12/07 19:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
MOD - [2011/12/07 19:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 19:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 19:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 19:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/12/17 11:33:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010/12/13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/12 15:55:24 | 002,043,904 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\PROLINK HSDPA Modem.exe
MOD - [2010/10/12 15:55:08 | 002,289,664 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\lang\en\_iures.dll
MOD - [2010/10/12 15:54:58 | 000,221,184 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\wmd_DLL.dll
MOD - [2010/08/10 14:58:48 | 000,139,264 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\VoIP.dll
MOD - [2010/06/02 17:01:30 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/18 15:55:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\Report.dll
MOD - [2009/10/25 22:27:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/10/25 22:27:54 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/10/25 22:27:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/10/25 22:27:46 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/10/25 22:27:46 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/10/25 22:27:44 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/10/25 22:27:38 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/10/25 22:27:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/08/17 09:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/23 16:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Lock Folder XP\LFService.exe
MOD - [2009/07/14 12:36:02 | 000,032,768 | ---- | M] () -- C:\Program Files\Lock Folder XP\LF37Context.dll
MOD - [2008/11/28 13:39:34 | 000,036,864 | ---- | M] () -- C:\Program Files\PROLINK\PHS100\DevEstimate.dll
MOD - [2008/07/20 21:11:32 | 000,247,808 | ---- | M] () -- C:\Windows\System32\FFSJ\FFSJSHL.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/27 23:11:24 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/28 18:18:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/02 19:15:58 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010/04/08 04:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/03 18:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/10 12:02:28 | 000,385,240 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008/12/09 14:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/09 13:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/09 13:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/15 06:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/15 06:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/01 08:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/07/06 13:24:54 | 005,730,304 | ---- | M] () [Auto | Running] -- c:\program files\dbbmn\bin\mysqld.exe -- (MySQL)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 21:40:56 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/11/15 17:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 17:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111227.032\navex15.sys -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111227.032\naveng.sys -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/16 03:35:25 | 000,107,616 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 16:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/02 19:15:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010/03/15 09:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/15 09:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/15 09:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/06 15:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/03/02 14:44:25 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/22 12:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 11:03:54 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/14 07:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/09 15:41:30 | 000,077,312 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\LFSys.sys -- (LFSys)
DRV - [2009/05/21 06:08:40 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/05/13 10:35:40 | 000,203,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/30 00:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/26 07:02:36 | 002,340,224 | ---- | M] (Digital Camera) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2009/02/10 12:02:34 | 000,787,672 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2008/12/09 13:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/09 13:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/19 10:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/15 03:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/14 04:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/14 04:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/14 04:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/22 03:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/22 03:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/17 08:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/03/17 11:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/23 09:08:58 | 000,099,456 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\plkusbser.sys -- (plkusbser)
DRV - [2006/10/25 05:12:48 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/10/25 05:12:00 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV - [2006/10/25 05:11:12 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/10/25 05:11:08 | 000,009,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/10/25 05:10:20 | 000,061,504 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.dapyx.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 D9 FE AF 62 70 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: G:\Photo Editor\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Windows\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/02/09 16:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 11:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 23:10:51 | 000,000,000 | ---D | M]

[2011/09/05 20:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2011/09/05 20:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/27 22:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions
[2011/11/29 11:35:04 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/05/27 13:59:30 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2011/11/30 11:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/29 11:45:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/01 05:56:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/01 05:56:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2010/09/23 09:29:08 | 000,000,000 | ---D | M] (Multiply Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2011/05/01 05:56:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\tbd7h4k8.default\extensions\[email protected]
[2011/12/27 22:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/13 11:37:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/28 20:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 12:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 12:12:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/17 17:29:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/26 10:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 18:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/05/11 11:41:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/13 00:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/11 11:41:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/10/15 15:36:28 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = D:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Picasa (Enabled) = G:\Photo Editor\Picasa3\npPicasa3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: We Heart It = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\1.2.6_0\
CHR - Extension: Picnik = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: Blog This! = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk\0.2_0\
CHR - Extension: WWF Indonesia = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifcghcdmgljhjflhabcieaojeihllap\1.0\

O1 HOSTS File: ([2011/12/29 09:47:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWirelessCard] C:\Program Files\PROLINK\PHS100\PROLINK HSDPA Modem.exe ()
O4 - HKCU..\Run: [SMΔRT-Protection] C:\Program Files\Smadav\SMΔRTP.exe (Smadsoft)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [WebcamMaxAutoRun] G:\Photo Editor\WebcamMax\WebcamMax.exe (CoolwareMax)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F6B46FA-DDBD-4880-AE97-5666AABDB098}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53C304F5-89F5-4BE2-88E3-F91835F08E80}: NameServer = 192.168.39.28 10.11.12.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98DCD0E-AC95-439D-AF39-F6F059F4C521}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/07/04 07:11:23 | 000,000,000 | ---D | M] - D:\auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 09:47:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/29 09:44:47 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\temp
[2011/12/29 09:44:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/29 08:46:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 08:46:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 08:46:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 08:46:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 08:45:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 08:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/29 08:39:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/29 08:30:29 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Windows\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/29 08:15:55 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Windows\Desktop\aswMBR.exe
[2011/12/29 08:12:09 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Windows\Desktop\tdsskiller.exe
[2011/12/29 08:10:20 | 004,354,974 | R--- | C] (Swearware) -- C:\Users\Windows\Desktop\ComboFix.exe
[2011/12/28 17:04:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2011/12/28 09:19:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/28 09:19:55 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/28 09:19:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/28 09:19:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/28 09:19:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/28 09:19:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/28 09:00:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/28 01:36:27 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/12/28 01:36:27 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/12/28 01:36:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/12/28 01:36:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/12/28 01:36:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/28 01:36:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/12/28 01:36:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/12/28 01:36:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/12/28 01:18:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/28 01:05:44 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/28 01:04:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/28 00:55:42 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/12/28 00:55:42 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/12/28 00:55:41 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/12/28 00:55:40 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/12/28 00:55:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/12/28 00:55:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/12/28 00:55:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/28 00:18:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/12/28 00:18:38 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/12/27 23:46:29 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/27 23:46:29 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/27 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/27 22:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/12/27 22:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/27 21:49:33 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/12/27 21:49:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/12/27 21:49:32 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/12/27 21:49:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/12/27 21:49:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/12/27 21:47:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/12/27 21:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/27 21:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2011/12/27 21:11:56 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\IObit
[2011/12/27 21:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/12/27 19:57:22 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/12/27 19:50:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/12/10 15:08:50 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/10 15:08:50 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\FixTDSS
[2011/12/04 19:08:10 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Windows\Desktop\FixTDSS.exe
[2011/12/01 17:21:52 | 029,622,600 | ---- | C] (Rovio) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
[2011/11/30 12:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio

========== Files - Modified Within 30 Days ==========

[2011/12/29 12:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 12:01:06 | 000,006,650 | ---- | M] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2011/12/29 12:00:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 12:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 12:00:04 | 1608,216,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 11:59:15 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 11:59:14 | 000,013,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 11:49:53 | 000,000,512 | ---- | M] () -- C:\Users\Windows\Desktop\MBR.dat
[2011/12/29 11:28:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
[2011/12/29 10:22:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
[2011/12/29 09:47:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/29 08:39:20 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 08:24:42 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWindows.job
[2011/12/29 08:16:01 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Windows\Desktop\aswMBR.exe
[2011/12/29 08:07:46 | 000,698,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 08:07:46 | 000,132,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 22:22:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
[2011/12/28 22:10:45 | 004,354,974 | R--- | M] (Swearware) -- C:\Users\Windows\Desktop\ComboFix.exe
[2011/12/28 17:34:15 | 000,007,607 | ---- | M] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2011/12/28 16:35:08 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 09:02:03 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Windows\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/28 01:43:24 | 000,002,373 | ---- | M] () -- C:\Users\Windows\Desktop\Google Chrome.lnk
[2011/12/27 21:12:01 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/12/27 21:11:58 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/12/23 20:01:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Windows\Desktop\tdsskiller.exe
[2011/12/20 21:40:56 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/12/11 07:43:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/05 21:20:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/04 19:14:25 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Windows\Desktop\FixTDSS.exe
[2011/12/04 13:42:04 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/12/04 00:37:04 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSEVEN-PC$.job
[2011/12/01 17:21:52 | 029,622,600 | ---- | M] (Rovio) -- C:\Users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
[2011/12/01 09:14:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/30 12:50:24 | 000,001,641 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk

========== Files Created - No Company Name ==========

[2011/12/29 11:49:53 | 000,000,512 | ---- | C] () -- C:\Users\Windows\Desktop\MBR.dat
[2011/12/29 08:46:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 08:46:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 08:46:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 08:46:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 08:46:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 08:39:20 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 21:12:01 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/12/27 21:11:58 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/12/10 15:47:33 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForWindows.job
[2011/12/04 13:42:04 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/12/04 13:42:04 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/11/30 12:50:24 | 000,001,641 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/10/05 22:10:39 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/05 22:10:39 | 000,004,153 | ---- | C] () -- C:\Windows\unins000.dat
[2011/07/27 11:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{B5FDDFDB-1CEA-4BD4-ADDA-1A0FEC47C3CD}
[2011/06/30 23:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{8A69D9AB-51D4-4B6A-90FC-AAD3EFEF5A45}
[2011/05/30 11:13:33 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/05/30 11:13:28 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/05/30 11:13:24 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/05/30 11:13:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/05/09 07:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Windows\AppData\Local\{1F8AA570-28C0-445A-B9AD-890D17541DC1}
[2011/04/27 14:27:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/27 14:25:32 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/04/27 14:25:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/03 13:11:57 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/02/26 07:58:43 | 000,000,064 | -H-- | C] () -- C:\Windows\pb.dat
[2011/01/10 11:23:38 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/09 18:28:32 | 000,000,000 | ---- | C] () -- C:\Windows\Player.INI
[2010/11/08 19:30:04 | 000,147,456 | ---- | C] () -- C:\Windows\autoclk.exe
[2010/11/08 19:30:04 | 000,049,152 | ---- | C] () -- C:\Windows\pnpclk.dll
[2010/10/15 15:48:50 | 000,001,227 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/10/15 15:36:21 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010/10/09 21:38:06 | 000,139,776 | ---- | C] () -- C:\Windows\System32\RTPScan.dll
[2010/10/09 21:38:06 | 000,133,632 | ---- | C] () -- C:\Windows\System32\PCMAVext.dll
[2010/08/01 22:56:10 | 000,000,045 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI
[2010/07/27 12:40:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/21 10:00:31 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/21 10:00:30 | 000,139,152 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\PnkBstrK.sys
[2010/07/21 10:00:19 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/07/21 10:00:14 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/07/21 10:00:14 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/07/10 14:30:21 | 000,003,584 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 09:30:35 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/26 22:59:07 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/19 11:32:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/02 19:17:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/04/05 13:03:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2010/03/05 20:57:58 | 000,000,990 | -HS- | C] () -- C:\Users\Windows\AppData\Roaming\systemfl.$dk
[2010/03/05 15:03:20 | 000,284,160 | R--- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010/02/27 14:48:03 | 000,007,607 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2010/01/09 19:27:17 | 000,000,008 | ---- | C] () -- C:\Windows\System32\F73859.bin
[2010/01/09 19:27:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\e9243f.bin
[2010/01/09 19:01:53 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/11/24 05:16:18 | 000,006,650 | ---- | C] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,698,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,132,610 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2007/11/15 08:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== Files - Unicode (All) ==========
[2011/12/20 18:36:55 | 000,000,692 | ---- | M] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
[2010/10/13 08:20:16 | 000,000,692 | ---- | C] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 842 bytes -> C:\ProgramData\Temp:35E5AF34
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:CFA8C6E3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:3B5038B1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7E6454EB

< End of report >

Extras


OTL Extras logfile created on: 29/12/2011 12:19:20 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Windows\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.35% Memory free
3.99 Gb Paging File | 2.71 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 3.06 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
Drive D: | 101.17 Gb Total Space | 16.07 Gb Free Space | 15.89% Space Free | Partition Type: NTFS
Drive E: | 13.05 Gb Total Space | 2.04 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 62.60 Gb Total Space | 9.48 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive H: | 62.67 Gb Total Space | 6.46 Gb Free Space | 10.31% Space Free | Partition Type: NTFS

Computer Name: SEVEN-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06283453-7826-2168-5324-689421793582}" = MessengerData WMP Plugin
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{395AB8C5-F3A8-4380-8718-7A11EC5829F9}" = PHS100
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4933D2E2-B621-487F-A7E7-96DA7312BCFE}" = Angry Birds Rio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71381523-BEA1-4410-954E-36EEF570DBA8}_is1" = Empires & Allies version 2.2a
"{724D7BEE-883D-452E-B8DA-26E88343CAE9}" = ADSL MODEM USB Driver
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"5B73F775A90397BAF80173B8A6C0B327BE3872FB" = ENE CIR Receiver Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AVerMedia TV Tuner Card" = AVerMedia TV Tuner Card 1.0.0.4
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CanonMyPrinter" = Canon Utilities My Printer
"cFosSpeed" = cFosSpeed v4.50
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Dapyx Messenger Archive_is1" = Dapyx Messenger Archive v1.02
"Dream Day Wedding - Viva Las Vegas 1.00" = Dream Day Wedding - Viva Las Vegas 1.00
"Dream Day Wedding Bella ItaliaJust For Fun Games" = Dream Day Wedding Bella ItaliaJust For Fun Games
"Dream Day Wedding Married in Manhattan" = Dream Day Wedding Married in Manhattan
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Family Tree Builder" = MyHeritage Family Tree Builder
"Fiddler2" = Fiddler2
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"GOM Player" = GOM Player
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"Latihan Soal CPNS4.5" = Latihan Soal CPNS
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LSI Soft Modem" = LSI HDA Modem
"Luxor" = Luxor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiniLyrics" = Minilyrics(remove only)
"Mobile Partner" = Mobile Partner
"Money Manager Ex_is1" = Money Manager Ex 0.9.5.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPE" = MyPhoneExplorer
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.52.1100" = Opera 11.52
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Pidgin" = Pidgin
"Pidgin-Musictracker" = Pidgin-Musictracker plugin (remove only)
"Plants Vs Zombies" = Plants Vs Zombies
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Recover My Files_is1" = Recover My Files
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"ST6UNST #1" = Simple Chat
"The Poppit Show 1.3.41o" = The Poppit Show 1.3.41o
"WebcamMax" = WebcamMax
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.22
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/12/2011 10:10:10 | Computer Name = Seven-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Logged Actor
Process: C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 784) Time:
Wednesday, December 28, 2011 10:10:10 PM

Error - 28/12/2011 11:10:22 | Computer Name = Seven-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Logged Actor
Process: C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 784) Time:
Wednesday, December 28, 2011 11:10:22 PM

Error - 28/12/2011 12:10:35 | Computer Name = Seven-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Logged Actor
Process: C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 784) Time:
Thursday, December 29, 2011 12:10:35 AM

Error - 28/12/2011 20:07:03 | Computer Name = Seven-PC | Source = RasClient | ID = 20227
Description =

Error - 28/12/2011 20:14:05 | Computer Name = Seven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: orbitdm.exe, version: 3.0.0.5, time stamp:
0x4be27e85 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0150010 Fault offset: 0x00083e3c Faulting process id:
0xc4 Faulting application start time: 0x01ccc5be3a528710 Faulting application path:
C:\Program Files\Orbitdownloader\orbitdm.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 047eead0-31b2-11e1-9d37-002622994ba7

Error - 28/12/2011 20:45:21 | Computer Name = Seven-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Logged Actor
Process: C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 820) Time:
Thursday, December 29, 2011 8:45:21 AM

Error - 28/12/2011 20:59:25 | Computer Name = Seven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swxcacls.3XE, version: 1.0.1.1, time stamp:
0x2a425e19 Faulting module name: swxcacls.3XE, version: 1.0.1.1, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x00004b2a Faulting process id: 0x1f24 Faulting application
start time: 0x01ccc5c3a9bac082 Faulting application path: C:\ComboFix\swxcacls.3XE
Faulting
module path: C:\ComboFix\swxcacls.3XE Report Id: 59a77521-31b8-11e1-a65b-002622994ba7

Error - 28/12/2011 21:10:21 | Computer Name = Seven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swxcacls.3XE, version: 1.0.1.1, time stamp:
0x2a425e19 Faulting module name: swxcacls.3XE, version: 1.0.1.1, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x00004b2a Faulting process id: 0x12b8 Faulting application
start time: 0x01ccc5c52be15b55 Faulting application path: C:\ComboFix\swxcacls.3XE
Faulting
module path: C:\ComboFix\swxcacls.3XE Report Id: e0a89e43-31b9-11e1-a65b-002622994ba7

Error - 28/12/2011 21:14:24 | Computer Name = Seven-PC | Source = Schedule | ID = 0
Description =

Error - 28/12/2011 21:14:28 | Computer Name = Seven-PC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



[ Hewlett-Packard Events ]
Error - 31/10/2010 18:57:27 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 14/12/2010 02:40:57 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 19/12/2010 14:59:50 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 22/12/2010 20:27:21 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 19/03/2011 20:34:36 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.loadApplied(Boolean
bUseHistory) at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender,
RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 19/03/2011 20:34:53 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.loadApplied(Boolean
bUseHistory) at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender,
RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 20/04/2011 20:29:51 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 07/09/2011 20:29:15 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 15/09/2011 04:47:52 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/11/2011 04:02:43 | Computer Name = Seven-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ Media Center Events ]
Error - 24/02/2011 01:56:40 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 1:56:40 PM - Error connecting to the internet. 1:56:40 PM - Unable
to contact server..

Error - 24/02/2011 01:57:00 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 1:56:45 PM - Error connecting to the internet. 1:56:45 PM - Unable
to contact server..

Error - 26/03/2011 09:37:35 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:37:30 PM - Error connecting to the internet. 9:37:31 PM - Unable
to contact server..

Error - 10/09/2011 03:18:20 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 3:18:19 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 25/09/2011 20:05:17 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 8:05:17 AM - Error connecting to the internet. 8:05:17 AM - Unable
to contact server..

Error - 26/09/2011 07:00:10 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 7:00:08 PM - Error connecting to the internet. 7:00:08 PM - Unable
to contact server..

Error - 02/10/2011 07:39:02 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 7:39:01 PM - Error connecting to the internet. 7:39:01 PM - Unable
to contact server..

Error - 18/10/2011 09:09:27 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:09:25 PM - Error connecting to the internet. 9:09:25 PM - Unable
to contact server..

Error - 23/10/2011 21:34:15 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:34:14 AM - Error connecting to the internet. 9:34:14 AM - Unable
to contact server..

Error - 03/11/2011 09:28:29 | Computer Name = Seven-PC | Source = MCUpdate | ID = 0
Description = 9:28:25 PM - Error connecting to the internet. 9:28:25 PM - Unable
to contact server..

[ OSession Events ]
Error - 14/01/2010 03:48:57 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 856 seconds with 540 seconds of active time. This session ended with a crash.

Error - 02/08/2011 02:21:28 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22357
seconds with 11160 seconds of active time. This session ended with a crash.

Error - 18/10/2011 21:59:21 | Computer Name = Seven-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = DCOM | ID = 10005
Description =

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:00:43 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Settings Manager service to connect.

Error - 29/12/2011 00:01:30 | Computer Name = Seven-PC | Source = PNRPSvc | ID = 102
Description =

Error - 29/12/2011 00:01:30 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 29/12/2011 00:03:30 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


Disk management screenshot is attached.
I have another problem now. Since I disabled the antivirus and did all the scans, I can't enable it again, even after rebooting :(

Attached Thumbnails

  • disk management.jpg

Edited by chelsq, 28 December 2011 - 11:21 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Uninstall
Adobe Flash Player 10 ActiveX - Get latest from adobe.com with IE
Adobe Reader 9.4.6 - Get latest from adobe.com
Advanced SystemCare 5 - it is fighting with Symantec
BitTorrent - P2P programs are dangerous
BitTorrentBar Toolbar - foistware
Conduit Engine - foistware
Orbit Downloader - unneeded

Also uninstall Smadav (SMΔRTP.exe; an Indonesian anti-virus, I think). If you don't know how it got there then let me know and I will let the next scan remove it.


Copy the text in the code box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
tdx.sys
user32.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Run Scan.

You should get one log. Please copy and paste it to a reply.
  • 0

#7
chelsq

chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I've uninstalled all the programs you listed above (including SMΔRTP.exe), and installed Adobe Flash Player 11 ActiveX.
In the middle of scanning with OTL, I got the blue screen of death (image below).

Posted Image

Then I tried to run the scan again, but it crashed again :/

Posted Image

And I still can't enable my AV. What should I do next?

Edited by chelsq, 29 December 2011 - 01:05 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Try the scan with just this:

/md5start
tdx.sys
user32.dll
/md5stop
  • 0

#9
chelsq

chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It didn't work either. I still got the BSoD, similar to the first crash image above. Should I uninstall cFosSpeed?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Yes. Don't know what it is but if you can live without it please uninstall it.

An alternate method if OTL still can't do the custom scan without a BSOD:

Start, (All) Programs, Accessories then right click on Command Prompt and Run As Admin.

Type with an Enter after each line:

cd  \

dir  /a  /s  tdx.sys  >>  \junk.txt

dir  /a  /s  user32.dll  >>  \junk.txt

notepad  \junk.txt

Each dir command will take up to 10 minutes to finish. Wait for the prompt to return before trying to type the next command.
Copy and paste the text from notepad.
  • 0



#11
chelsq

chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I used the command prompt option, and here are the contents of junk.txt:

Volume in drive C has no label.
Volume Serial Number is 1CD7-31E2

Directory of C:\Documents and Settings\Windows\AppData\Roaming\FixTDSS\Archive

20/11/2010 16:39 74,752 tdx.sys
1 File(s) 74,752 bytes

Directory of C:\Users\Windows\AppData\Roaming\FixTDSS\Archive

20/11/2010 16:39 74,752 tdx.sys
1 File(s) 74,752 bytes

Directory of C:\Windows\System32\drivers

20/11/2010 16:39 74,752 tdx.sys
1 File(s) 74,752 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28

14/07/2009 07:12 74,240 tdx.sys
1 File(s) 74,240 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2

20/11/2010 16:39 74,752 tdx.sys
1 File(s) 74,752 bytes

Total Files Listed:
5 File(s) 373,248 bytes
0 Dir(s) 4,552,912,896 bytes free
Volume in drive C has no label.
Volume Serial Number is 1CD7-31E2

Directory of C:\Windows\System32

28/05/2011 18:19 811,520 user32.dll
1 File(s) 811,520 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3

14/07/2009 09:16 811,520 user32.dll
1 File(s) 811,520 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d

20/11/2010 20:21 811,520 user32.dll
1 File(s) 811,520 bytes

Total Files Listed:
3 File(s) 2,434,560 bytes
0 Dir(s) 4,552,990,720 bytes free

Edited by chelsq, 29 December 2011 - 08:15 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
The files appear ok but let's submit both of them to http://virustotal.com and make sure:

C:\Windows\System32\drivers\tdx.sys

C:\Windows\System32\user32.dll

If you don't get 0/43 as a result then copy and paste the report.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
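The `dir /a /s` listing in #11 and the VirusTotal submission in #12 are two halves of one check: find every copy of the file name on the volume, then compare the copies by content. Note that in the listing above the System32\drivers copy of tdx.sys and the 6.1.7601.17514 WinSxS copy have the same size (74,752 bytes) and the same timestamp, so size and date alone cannot tell them apart; a content hash can. The Python script below is an added example, not part of this thread or of any tool mentioned in it: it walks a tree, hashes each copy with SHA-256 (the digest VirusTotal also reports, so a hash can be looked up before anything is uploaded), groups the copies by digest and lists any copy whose content disagrees with the others. The directory layout it builds is constructed to resemble the listing, with all copies the same size; which copy is the legitimate one remains a question for a signature check or VirusTotal, not for this script.

```python
"""Find every copy of a file under a tree and compare their contents by hash.

Added example: the directory layout built below is constructed to resemble
the dir /a /s listing in this thread; it is not data from the thread.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=65536):
    """SHA-256 hex digest of a file, streamed so large files stay cheap."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, filename):
    """Equivalent of `dir /a /s <filename>`: one record per copy found under root."""
    target = filename.lower()
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == target:
                full = os.path.join(dirpath, name)
                records.append({"path": full,
                                "size": os.path.getsize(full),
                                "sha256": sha256_of(full)})
    return records


def group_by_digest(records):
    """Map each distinct digest to the list of paths carrying that content."""
    groups = defaultdict(list)
    for r in records:
        groups[r["sha256"]].append(r["path"])
    return dict(groups)


def odd_ones_out(records):
    """Paths whose content differs from the most common content.

    A disagreement only says the copies are not all the same file; which one
    is legitimate is settled by a signature check or a VirusTotal lookup.
    """
    groups = group_by_digest(records)
    if len(groups) <= 1:
        return []
    majority = max(groups.values(), key=len)
    return sorted(p for paths in groups.values() if paths is not majority
                  for p in paths)


def build_sample_tree(base):
    """Constructed layout: four copies of tdx.sys, all the same size, one of
    which has different content (mirrors the thread, not real file contents)."""
    reference = b"MZ" + b"\0" * 100 + b"reference tdx.sys body" + b"\0" * 10
    altered = b"MZ" + b"\0" * 100 + b"different tdx.sys body" + b"\0" * 10
    layout = {
        os.path.join("Windows", "System32", "drivers"): altered,
        os.path.join("Windows", "winsxs", "tdi-over-tcpip_6.1.7600.16385"): reference,
        os.path.join("Windows", "winsxs", "tdi-over-tcpip_6.1.7601.17514"): reference,
        os.path.join("Users", "user", "AppData", "Roaming", "FixTDSS", "Archive"): reference,
    }
    for rel, body in layout.items():
        d = os.path.join(base, rel)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "tdx.sys"), "wb") as f:
            f.write(body)


def demo():
    """Build the sample tree, run the comparison and return
    (relative paths of the odd copies, number of distinct sizes seen)."""
    with tempfile.TemporaryDirectory(prefix="copies-") as base:
        build_sample_tree(base)
        records = find_copies(base, "tdx.sys")
        odd = [os.path.relpath(p, base).replace(os.sep, "/")
               for p in odd_ones_out(records)]
        return odd, len({r["size"] for r in records})


if __name__ == "__main__":
    odd, distinct_sizes = demo()
    print("distinct sizes:", distinct_sizes)   # 1: size alone cannot separate them
    print("copies that disagree:", odd)
```

On a real machine the same functions run as `find_copies(r"C:\", "tdx.sys")` from an elevated prompt; the walk takes about as long as the `dir /a /s` it replaces, and the digests it prints are the ones to compare against a VirusTotal report before uploading anything.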

#13
chelsq

chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
user32.dll is clean (0/43).

Here's the report for tdx.sys:

File name: tdx.sys
Submission date: 2011-12-30 06:12:40 (UTC)
Current status: finished
Result: 20/ 43 (46.5%)

Antivirus Version Last Update Result
AhnLab-V3 2011.12.29.04 2011.12.29 Backdoor/Win32.ZAccess
AntiVir 7.11.20.90 2011.12.30 BDS/Backdoor.Gen5
Antiy-AVL 2.0.3.7 2011.12.30 -
Avast 6.0.1289.0 2011.12.29 Win32:Smadow [Rtk]
AVG 10.0.0.1190 2011.12.30 BackDoor.Generic14.CGKH
BitDefender 7.2 2011.12.30 Gen:[email protected]
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.30 -
ClamAV 0.97.3.0 2011.12.29 -
Commtouch 5.3.2.6 2011.12.29 W32/Sirefef.Q.gen!Eldorado
Comodo 11133 2011.12.30 TrojWare.Win32.Rootkit.ZAccess.H
DrWeb 5.0.2.03300 2011.12.30 -
Emsisoft 5.1.0.11 2011.12.30 -
eSafe 7.0.17.0 2011.12.29 -
eTrust-Vet 37.0.9653 2011.12.29 Win32/Sirefef.G!generic
F-Prot 4.6.5.141 2011.12.29 W32/Sirefef.Q.gen!Eldorado
F-Secure 9.0.16440.0 2011.12.30 Gen:[email protected]
Fortinet 4.3.388.0 2011.12.29 W32/ZAccess.H!tr.rkit
GData 22 2011.12.30 Gen:[email protected]
Ikarus T3.1.1.109.0 2011.12.30 -
Jiangmin 13.0.900 2011.12.29 -
K7AntiVirus 9.120.5806 2011.12.29 Riskware
Kaspersky 9.0.0.837 2011.12.30 Rootkit.Win32.ZAccess.h
McAfee 5.400.0.1158 2011.12.30 ZeroAccess.s
McAfee-GW-Edition 2010.1E 2011.12.29 -
Microsoft 1.7903 2011.12.30 TrojanDropper:Win32/Sirefef.B
NOD32 6753 2011.12.30 a variant of Win32/Rootkit.Kryptik.FQ
Norman 6.07.13 2011.12.30 -
nProtect 2011-12-30.01 2011.12.30 Gen:[email protected]
Panda 10.0.3.5 2011.12.29 -
PCTools 8.0.0.5 2011.12.30 -
Prevx 3.0 2011.12.30 -
Rising 23.90.04.01 2011.12.30 -
Sophos 4.72.0 2011.12.30 -
SUPERAntiSpyware 4.40.0.1006 2011.12.29 -
Symantec 20111.2.0.82 2011.12.30 -
TheHacker 6.7.0.1.367 2011.12.29 -
TrendMicro 9.500.0.1008 2011.12.29 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.30 -
VBA32 3.12.16.4 2011.12.29 -
VIPRE 11324 2011.12.30 Trojan.Win32.FakeAV.oq (v)
ViRobot 2011.12.30.4854 2011.12.30 -
VirusBuster 14.1.140.0 2011.12.29 Rootkit.Kryptik!EE7MpoV1OpA

Additional information
MD5 : 046be59748e24bef1f610ddb1240a4e8
SHA1 : 2c0da3d5c9a5c610a17dc28bd32ecd9b50c0d465
SHA256: 463559a56d4e4413b0aa55590f717b19b9e7307e59987d941c4ead8d6edfc6e7
ssdeep: 768:Eg4s+VncIAycM3SbsEnjNvbTpwibYV7Q3NFSBjXrSxXJgLtmt2O:54s+nqRbsGJvbZYVYvS
dXrSVcmt
File size : 74752 bytes
First seen: 2011-12-30 06:12:40
Last seen : 2011-12-30 06:12:40
TrID:
Win32 Executable Generic (58.5%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1748
timedatestamp....: 0x4ED7CCE3 (Thu Dec 01 18:52:19 2011)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8590, 0x8600, 2.65, 75dd2c5aeed36828f6834dbd6d9a3591
.idata, 0xA000, 0xC30C, 0x6000, 7.66, 1d31f1b841aa32cabb55dd39a718ebfb
.rdata, 0x17000, 0x258, 0x400, 0.00, 0f343b0931126a20f133d67c2b018a3b
.rdata, 0x18000, 0x1658, 0x1800, 7.76, 37edd0c46491b30a223f333adf6fbed8
.reloc, 0x1A000, 0xA14, 0xC00, 1.71, 5407d69831c07dfcff19a39192d1ca75

[[ 5 import(s) ]]
ntoskrnl.exe: RtlLargeIntegerNegate, NtGlobalFlag, MmIsThisAnNtAsSystem, PoRegisterDeviceNotify, RtlIpv4StringToAddressA, CcSetBcbOwnerPointer, MmIsVerifierEnabled, FsRtlNumberOfRunsInLargeMcb, RtlInitializeGenericTableAvl, MmUnsecureVirtualMemory, RtlDestroyAtomTable, RtlCopyString, RtlInitAnsiString, WmiGetClock, MmCreateMdl, KdDisableDebugger, RtlCopyLuid, ZwSetSystemInformation, RtlHashUnicodeString, PsRemoveLoadImageNotifyRoutine, PsSetCreateThreadNotifyRoutine, ProbeForWrite, RtlInvertRangeList, ZwQueryDefaultUILanguage, RtlGenerate8dot3Name, mbstowcs, IoReuseIrp, ExAllocatePoolWithQuotaTag, PsSetCreateProcessNotifyRoutine, IoMakeAssociatedIrp, ZwSetValueKey, SeTokenIsAdmin, CcInitializeCacheMap, FsRtlInitializeTunnelCache, CcMapData, CmUnRegisterCallback, toupper, NtQueryInformationToken, RtlCompressBuffer, RtlGUIDFromString, ZwFlushVirtualMemory, RtlFreeHeap, FsRtlInsertPerStreamContext, _strlwr, PsAssignImpersonationToken, CcGetFileObjectFromBcb, KeI386ReleaseGdtSelectors, KeInsertQueue, KeWaitForSingleObject, ObReferenceSecurityDescriptor
HAL.dll: KfRaiseIrql, HalDisplayString, HalSystemVectorDispatchEntry, WRITE_PORT_UCHAR, HalFlushCommonBuffer, HalReadDmaCounter, IoFreeAdapterChannel, HalDisplayString, HalMakeBeep, KeTryToAcquireQueuedSpinLock, IoFreeMapRegisters, HalProcessorIdle, IoFlushAdapterBuffers, HalMakeBeep, HalReadDmaCounter, KfRaiseIrql, HalStartProfileInterrupt, HalReadDmaCounter, KeFlushWriteBuffer, HalDisplayString, WRITE_PORT_BUFFER_UCHAR, HalGetEnvironmentVariable, KeStallExecutionProcessor, KfRaiseIrql, KfReleaseSpinLock, HalReportResourceUsage, WRITE_PORT_UCHAR, IoMapTransfer, HalDisplayString, KeRaiseIrql, KeLowerIrql, IoFlushAdapterBuffers, HalEndSystemInterrupt, KeStallExecutionProcessor, IoMapTransfer, KeRaiseIrqlToSynchLevel, IoMapTransfer, WRITE_PORT_ULONG, ExReleaseFastMutex, HalTranslateBusAddress, HalAdjustResourceList
videoprt.sys: VideoPortWritePortBufferUchar, VideoPortRegisterBugcheckCallback, VideoPortSetEvent, VideoPortReleaseCommonBuffer, VideoPortReadRegisterUlong, VideoPortReadPortUshort, VideoPortCreateSecondaryDisplay, VideoPortReleaseDeviceLock, VideoPortUnlockPages, VideoPortReleaseDeviceLock, VideoPortDebugPrint, VideoPortUnmapDmaMemory, VideoPortMapBankedMemory, VideoPortReadRegisterUshort, VideoPortWriteRegisterUchar, VideoPortInterlockedExchange, VideoPortWritePortBufferUlong, VideoPortGetBytesUsed, VideoPortDDCMonitorHelper, VideoPortDisableInterrupt, VideoPortSetEvent, VideoPortReadRegisterUlong, VideoPortAssociateEventsWithDmaHandle, VideoPortCreateEvent, VideoPortZeroDeviceMemory, VideoPortUnlockPages, VideoPortLogError, VideoPortGetDeviceBase, VideoPortGetRegistryParameters, VideoPortSynchronizeExecution, VideoPortWritePortBufferUlong, VideoPortReleaseDeviceLock, VideoPortFreeCommonBuffer, VideoPortGetAssociatedDeviceExtension, VideoPortSetDmaContext, VideoPortFreePool, VideoPortReadRegisterUchar, VideoPortStartTimer, VideoPortLockPages, VideoPortDeleteEvent, VideoPortWritePortUlong, VideoPortRegisterBugcheckCallback, VideoPortWaitForSingleObject, VideoPortInterlockedIncrement, VideoPortWritePortUshort, VideoPortQuerySystemTime, VideoPortGetBytesUsed, VideoPortPutDmaAdapter, VideoPortUnlockPages, VideoPortSynchronizeExecution
tdi.sys: CTEAllocateString, TdiDeregisterNotificationHandler, TdiDefaultErrorHandler, TdiDefaultDisconnectHandler, CTEAllocateString, TdiRegisterAddressChangeHandler, TdiDeregisterDeviceObject, TdiReturnChainedReceives, TdiDefaultChainedRcvDatagramHandler, TdiDeregisterAddressChangeHandler, TdiDefaultReceiveHandler, CTELogEvent, TdiDeregisterDeviceObject, CTEInitString, TdiDeregisterNotificationHandler, CTEBlock, TdiPnPPowerComplete, CTEInitialize, TdiDefaultErrorHandler, TdiDefaultErrorHandler, CTEStartTimer, TdiCopyBufferToMdl, TdiDeregisterDeviceObject, TdiDeregisterNotificationHandler, TdiDefaultChainedReceiveHandler, TdiRegisterDeviceObject, TdiDefaultChainedReceiveHandler, TdiDefaultErrorHandler, TdiEnumerateAddresses, TdiBuildNetbiosAddress, TdiEnumerateAddresses, TdiDefaultDisconnectHandler, TdiDefaultRcvDatagramHandler, TdiBuildNetbiosAddress, TdiBuildNetbiosAddressEa, TdiDefaultConnectHandler, CTEInitString, TdiProviderReady, TdiRegisterNotificationHandler, TdiBuildNetbiosAddress, TdiBuildNetbiosAddress, TdiDefaultErrorHandler, TdiDefaultChainedRcvExpeditedHandler
ndis.sys: NdisAllocateBuffer, NdisClCloseAddressFamily, NdisOpenAdapter, NdisCloseAdapter, NdisMCmActivateVc, NdisMDeregisterIoPortRange, NdisCoSendPackets, NdisSendPackets, NdisDprFreePacket, NdisWritePciSlotInformation, NdisCompleteBindAdapter, NdisMDeregisterDevice, NdisSetTimer, NdisGetCurrentProcessorCounts, NdisAcquireReadWriteLock, NdisInitializeEvent, NdisMCompleteBufferPhysicalMapping, NdisMSetTimer, NdisSetTimerEx, NdisDprReleaseSpinLock, NdisMRegisterMiniport, NdisOpenConfiguration, NdisIMRegisterLayeredMiniport, NdisMResetComplete, NdisCmMakeCallComplete, NdisUnmapFile, NdisAllocateBufferPool, NdisMSendResourcesAvailable, NdisIMInitializeDeviceInstance, NdisImmediateReadPciSlotInformation, NdisMGetDmaAlignment, NdisSend, NdisMMapIoSpace, NdisUpdateSharedMemory, NdisMDeregisterDevice, NdisAcquireReadWriteLock, NdisMRegisterDmaChannel, NdisMStartBufferPhysicalMapping, NdisMSetTimer, NdisDprFreePacket, NdisAllocateBuffer, NdisDeregisterProtocol, NdisInterlockedInsertTailList, NdisMIndicateStatus

[[ 4 export(s) ]]
Btovymflrj, Ggmqbrxhtjd, AddKfwkvmj, EndTfngdet
ExifTool:
file metadata
CodeSize: 34304
EntryPoint: 0x1748
FileSize: 73 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 34816
LinkerVersion: 0.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
PEType: PE32
Subsystem: Native
SubsystemVersion: 5.0
TimeStamp: 2011:12:01 19:52:19+01:00
UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight
  • 0
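The VirusTotal report above carries PE details a reviewer can reason about without any vendor signature: the file is unsigned, its section table lists two sections named .rdata, an .idata section at entropy 7.66 and an .rdata at 7.76 (near the 8.0 ceiling, which is what packed or encrypted data looks like) next to a .text at 2.65, and its link timestamp (1 Dec 2011) postdates both WinSxS copies in the #11 listing (2009 and 2010). The Python below is an added example, not from the thread or from VirusTotal: it reads a PE section table with only the standard library, computes Shannon entropy per section, and flags high-entropy sections (the 7.0 threshold is an assumption) and repeated section names. It runs on a constructed image whose sections imitate the report's pattern; the only value taken from the report is the TimeDateStamp 0x4ED7CCE3.

```python
"""Read a PE section table and flag packed-looking or duplicated sections.

Added example, not from the thread or VirusTotal. The image it inspects is
constructed in build_sample_image(); only the timestamp value is taken from
the report in the thread.
"""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER = "<HHIIIHH"        # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, OptHdrSize, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics
HIGH_ENTROPY = 7.0               # assumed triage threshold; random or encrypted bytes approach 8.0


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, close to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image):
    """Return (TimeDateStamp, [section records]) for a PE image held in memory."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER, image, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_HEADER) + opt_size
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HEADER, image, sec_off + i * struct.calcsize(SECTION_HEADER))
        raw_size, raw_ptr = fields[3], fields[4]
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": fields[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virt_addr": fields[2], "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return timestamp, sections


def triage(sections):
    """Findings a reviewer would raise: high-entropy sections and repeated names."""
    findings = [f"{s['name']}: entropy {s['entropy']} (packed or encrypted data?)"
                for s in sections if s["entropy"] >= HIGH_ENTROPY]
    for name, count in Counter(s["name"] for s in sections).items():
        if count > 1:
            findings.append(f"{name}: section name appears {count} times")
    return findings


def build_sample_image():
    """Constructed PE: a repetitive .text, a small .rdata and a second .rdata
    filled with seeded pseudo-random bytes to imitate packed content."""
    rng = random.Random(2011)
    bodies = [
        (b".text", bytes([0x8B, 0x45, 0x08, 0x90]) * 512),
        (b".rdata", b"Hello, TDI\0" * 20),
        (b".rdata", bytes(rng.getrandbits(8) for _ in range(4096))),
    ]
    image = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 64))   # e_lfanew = 64
    image += PE_SIGNATURE
    # TimeDateStamp 0x4ED7CCE3 is the value shown in the VirusTotal report above
    image += struct.pack(COFF_HEADER, 0x14C, len(bodies), 0x4ED7CCE3, 0, 0, 0, 0x0102)
    raw_ptr, virt_addr, data = 0x200, 0x1000, b""
    for name, body in bodies:
        image += struct.pack(SECTION_HEADER, name.ljust(8, b"\0"), len(body), virt_addr,
                             len(body), raw_ptr, 0, 0, 0, 0, 0x40000040)
        data += body
        raw_ptr += len(body)
        virt_addr += (len(body) + 0xFFF) & ~0xFFF
    image += b"\0" * (0x200 - len(image))          # pad headers up to the first raw section
    return bytes(image + data)


def demo():
    """Parse the constructed image and return (timestamp, sections, findings)."""
    timestamp, sections = parse_sections(build_sample_image())
    return timestamp, sections, triage(sections)


if __name__ == "__main__":
    ts, secs, findings = demo()
    print("link time:", datetime.fromtimestamp(ts, tz=timezone.utc))
    for s in secs:
        print(f"{s['name']:<8} rva=0x{s['virt_addr']:X} raw={s['raw_size']} entropy={s['entropy']}")
    for f in findings:
        print("finding:", f)
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_sections` instead of the constructed image. Entropy and duplicated names are triage signals, not verdicts: legitimately compressed resources also score high, which is why the thread still relied on the multi-engine result and the signer check rather than on section statistics alone.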

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

FCopy::
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys | C:\Windows\System32\drivers\tdx.sys
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0

#15
chelsq

chelsq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron


I've tried to run the scan from the command prompt, but it always gets stuck at the 68% verification stage and says it couldn't continue (tried three times).

Do you still need to see the VEW.exe log? After I ran the scan via the command prompt above, I think VEW.exe didn't work correctly because there was no data in its logs. But I tried it again just now, and it works.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/12/2011 21:50:47

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 13:30:57
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 30/12/2011 13:30:57
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:46
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}

Log: 'System' Date/Time: 30/12/2011 13:30:45
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:45
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}

Log: 'System' Date/Time: 30/12/2011 13:30:16
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 13:30:16
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 13:30:16
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 30/12/2011 13:30:15
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 30/12/2011 13:30:14
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Log: 'System' Date/Time: 30/12/2011 13:30:12
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Validity Fingerprint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 30/12/2011 13:30:12
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Validity Fingerprint Service service to connect.

Log: 'System' Date/Time: 30/12/2011 13:14:37
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 30/12/2011 13:14:37
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 13:48:47
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.co.id timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/12/2011 13:29:07
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/12/2011 13:29:07
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 30/12/2011 12:42:40
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/12/2011 12:42:40
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 30/12/2011 12:26:46
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name fbcdn-photos-a.akamaihd.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/12/2011 07:32:51
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/12/2011 07:32:51
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 30/12/2011 07:20:45
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/12/2011 07:20:44
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

============================

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/12/2011 22:04:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/12/2011 13:33:56
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 30/12/2011 13:30:35
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 13:30:16
Type: Warning Category: 0
Event: 100 Source: MySQL
mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run For more information, see Help and Support Center at http://www.mysql.com.

Log: 'Application' Date/Time: 30/12/2011 13:21:50
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 30/12/2011 13:18:33
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1003}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 30/12/2011 13:18:33
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 30/12/2011 13:14:15
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 13:12:57
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 13:12:50
Type: Warning Category: 0
Event: 100 Source: MySQL
mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run For more information, see Help and Support Center at http://www.mysql.com.

Log: 'Application' Date/Time: 30/12/2011 12:44:19
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 12:44:00
Type: Warning Category: 0
Event: 100 Source: MySQL
mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run For more information, see Help and Support Center at http://www.mysql.com.

Log: 'Application' Date/Time: 30/12/2011 12:08:34
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 30/12/2011 12:08:02
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 12:07:47
Type: Warning Category: 0
Event: 100 Source: MySQL
mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run For more information, see Help and Support Center at http://www.mysql.com.

Log: 'Application' Date/Time: 30/12/2011 07:22:47
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3626651802-3374829526-3147755075-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 30/12/2011 07:22:17
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 30/12/2011 07:22:12
Type: Warning Category: 0
Event: 100 Source: MySQL
mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run For more information, see Help and Support Center at http://www.mysql.com.

=============================

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

FCopy::
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys | C:\Windows\System32\drivers\tdx.sys
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Ron


Here's the log:


ComboFix 11-12-28.03 - Windows 12/30/2011 20:45:36.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2045.1369 [GMT 8:00]
Running from: c:\users\Windows\Desktop\ComboFix.exe
Command switches used :: c:\users\Windows\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB44520$
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --> c:\windows\System32\drivers\tdx.sys
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 01:33 . 2011-12-29 01:33 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-12-29 01:11 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-29 00:39 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 09:18 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-12-28 09:18 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-12-27 17:18 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-27 17:05 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-27 17:05 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-27 17:05 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-27 17:05 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-27 17:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-27 17:05 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-27 17:05 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-27 17:04 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-27 17:01 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-27 17:01 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-27 17:01 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-27 17:01 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-27 17:01 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-27 16:55 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-12-27 16:55 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-12-27 16:55 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-12-27 16:55 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-12-27 16:55 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-12-27 16:55 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-12-27 16:55 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-12-27 16:55 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-12-27 16:55 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-12-27 16:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-27 16:18 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-27 16:18 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-27 15:46 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-27 15:46 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-27 14:11 . 2011-12-27 14:11 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Application Updater
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-27 14:03 . 2011-12-27 14:03 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-27 13:49 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-12-27 13:49 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-27 13:49 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-27 13:49 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-27 13:49 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-27 13:49 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-12-27 13:47 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-27 13:14 . 2011-12-27 13:14 -------- d-----w- c:\programdata\IObit
2011-12-27 13:11 . 2011-12-27 13:11 -------- d-----w- c:\users\Windows\AppData\Roaming\IObit
2011-12-27 13:11 . 2011-12-27 13:11 -------- d-----w- c:\program files\IObit
2011-12-27 11:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-27 11:50 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-10 07:08 . 2011-12-20 13:40 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-10 07:08 . 2011-12-10 07:08 -------- d-----w- c:\users\Windows\AppData\Roaming\FixTDSS
2011-12-01 09:21 . 2011-12-01 09:21 29622600 ----a-w- c:\users\Windows\AppData\Roaming\AngryBirdsSeasonsInstaller_2.0.0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 05:54 . 2009-11-23 04:49 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-29 05:59 . 2011-05-19 23:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-05 14:10 . 2011-10-05 14:10 794906 ----a-w- c:\windows\unins000.exe
2011-10-02 21:06 . 2010-04-28 12:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-11 03:41 . 2011-05-11 03:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"WebcamMaxAutoRun"="g:\photo editor\WebcamMax\WebcamMax.exe" [2010-10-13 6046960]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-08 221184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-21 137536]
"MyWirelessCard"="c:\program files\PROLINK\PHS100\PROLINK HSDPA Modem.exe" [2010-10-12 2043904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-10 876760]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"LFService"="c:\program files\Lock Folder XP\LFService.exe" [2009-07-23 40960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
.
c:\users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 19:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-21 04:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 599344]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-19 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-23 116136]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 17408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TIDHOOK;TIDHOOK;c:\users\Windows\AppData\Local\Temp\fxxoksm8.tmp\tidhook.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USB_RNDIS_51;%USBServiceDisplayName%;c:\windows\system32\DRIVERS\usb8023.sys [2009-07-13 15872]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-28 1343400]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-12-20 26872]
S0 LFSys;LFSys;c:\windows\System32\Drivers\LFSys.sys [2009-07-09 77312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-05-15 107616]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-15 106104]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
S3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\plkusbser.sys [2008-01-23 99456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [2009-03-25 2340224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 03:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
- c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:17]
.
2011-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
- c:\users\Windows\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:17]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:54]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:54]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000Core.job
- c:\users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 13:02]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626651802-3374829526-3147755075-1000UA.job
- c:\users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 13:02]
.
2011-12-03 c:\windows\Tasks\HPCeeScheduleForSEVEN-PC$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForWindows.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.dapyx.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A98DCD0E-AC95-439D-AF39-F6F059F4C521}\86F64756C6020716255602759637144716: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\tbd7h4k8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.http - 110.8.253.100
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3626651802-3374829526-3147755075-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5863CD10-1023-8CED-6756-D963894E948C}*]
"manbamldlpfipdaodophomkcci"=hex:61,61,00,00
"abacjmjemopampobliiiakanjokadidcge"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000054
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0029\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0030\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0031\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0032\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0033\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0034\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0035\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\dbbmn\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-30 21:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 13:23
ComboFix2.txt 2011-12-29 01:57
.
Pre-Run: 4,265,725,952 bytes free
Post-Run: 3,956,047,872 bytes free
.
- - End Of File - - 0987C2D4D7EF0CA74129D86E3E95D8C3