Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Smitfraud -C Generic

Started by Seran , Jan 26 2012 03:47 AM

Please log in to reply

#31
Seran

Posted 29 January 2012 - 06:41 PM

Member

Topic Starter
Member
37 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/01/2012 18:41:08

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/01/2012 00:39:26
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 30/01/2012 00:38:03
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 30/01/2012 00:38:03
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/01/2012 00:38:03
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Center Extender Service service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 30/01/2012 00:37:36
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 30/01/2012 00:37:28
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/01/2012 00:37:09
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

#32
Seran

Posted 29 January 2012 - 06:42 PM

Member

Topic Starter
Member
37 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/01/2012 18:42:08

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/01/2012 00:38:01
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/01/2012 00:34:55
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2836959131-4068810153-2499601522-1000:
Process 1620 (\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000
Process 1620 (\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000
Process 1620 (\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\CheckPoint\ISW\Stats

#33
Seran

Posted 29 January 2012 - 06:44 PM

Member

Topic Starter
Member
37 posts

Um, yeah, I dled ZA and uninstalled Spybot S&D as well. Why? Um........

Edited by Seran, 29 January 2012 - 06:49 PM.

#34
Seran

Posted 29 January 2012 - 06:48 PM

Member

Topic Starter
Member
37 posts

By the way, I'm so confused because I reinstalled Microsoft Security Essentials so I don't know why it was giving me that error...

Unless it's something else that I have to uninstall? Btw, I don't see Microsoft Antimalware anywhere on my computer, even through a search... but I do see Microsoft Security Essentials.

#35
RKinner

Posted 30 January 2012 - 01:01 AM

Malware Expert

Expert
24,625 posts

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#36
Seran

Posted 31 January 2012 - 05:35 AM

Member

Topic Starter
Member
37 posts

Yes, Avast found 5 things. Log of them below.

Edited by Seran, 31 January 2012 - 05:49 AM.

#37
Seran

Posted 31 January 2012 - 05:45 AM

Member

Topic Starter
Member
37 posts

C:\Users\Myname\DoctorWeb\Quarantine\f_002980|>[UPX]
C:\Users\Myname\Downloads\NetTools5.0.70\Setup.exe|>{app}\IPscanner\ipscanner.exe
C:\Users\Myname\Downloads\NetTools5.0.70\Setup.exe|>{app}\IPscanner\PortScanner.exe
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\search[1].htm
H:\Myname_2\Downloads_2\NetTools5.0.70\Setup.exe|>{app}\IPscanner\ipscanner.exe
H:\Myname_2\Downloads_2\NetTools5.0.70\Setup.exe|>{app}\IPscanner\PortScanner.exe

#38
Seran

Posted 31 January 2012 - 05:48 AM

Member

Topic Starter
Member
37 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 31/01/2012 05:52:31

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Seran, 31 January 2012 - 05:54 AM.

#39
Seran

Posted 31 January 2012 - 05:49 AM

Member

Topic Starter
Member
37 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 31/01/2012 05:54:35

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2012 11:33:18
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 11:29:31
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 11:28:27
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 31/01/2012 11:28:27
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 31/01/2012 11:28:27
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Center Extender Service service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 31/01/2012 07:41:04
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 07:40:04
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 07:39:46
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 31/01/2012 07:39:46
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 31/01/2012 07:39:46
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/01/2012 07:39:46
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

Log: 'System' Date/Time: 31/01/2012 07:39:46
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Center Extender Service service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 31/01/2012 07:19:30
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 07:18:22
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 31/01/2012 07:18:22
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 31/01/2012 07:18:22
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Center Extender Service service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 31/01/2012 07:17:36
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 07:16:44
Type: Error Category: 0
Event: 1048 Source: Microsoft-Windows-TerminalServices-LocalSessionManager
Terminal Service start failed. The relevant status code was The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. .

Log: 'System' Date/Time: 31/01/2012 03:15:05
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 31/01/2012 03:13:58
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2012 11:27:27
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 31/01/2012 07:38:35
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 31/01/2012 07:17:09
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 31/01/2012 07:11:13
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 31/01/2012 03:12:57
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 30/01/2012 01:11:46
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 30/01/2012 00:37:09
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Edited by Seran, 31 January 2012 - 05:55 AM.

#40
RKinner

Posted 31 January 2012 - 11:18 AM

Malware Expert

Expert
24,625 posts

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AirPrint > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and select Paste or Edit then Paste and the copied line should appear. Hit Enter.

Now type(with an Enter after the line):

notepad  \junk.txt

Copy and paste the text from notepad.

Also run OTL, Quickscan and post the log.

#41
Seran

Posted 31 January 2012 - 04:42 PM

Member

Topic Starter
Member
37 posts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AirPrint
Type REG_DWORD 0x10
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ C:\Program Files<x86>\AirPrint\airprint.exe-s
DependOnService REG_MULTI_SZ Bonjour Service
ObjectName REG_SZ LocalSystem

I'd like to actually just get rid of this airprint btw.

#42
Seran

Posted 31 January 2012 - 05:17 PM

Member

Topic Starter
Member
37 posts

OTL logfile created on: 1/31/2012 16:44:16 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.19% Memory free
8.16 Gb Paging File | 6.04 Gb Available in Paging File | 74.04% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 52.13 Gb Free Space | 22.38% Space Free | Partition Type: NTFS
Drive F: | 221.45 Gb Total Space | 24.90 Gb Free Space | 11.24% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 251.12 Gb Free Space | 84.24% Space Free | Partition Type: NTFS

Computer Name: AWESOME | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 16:42:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.com
PRC - [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/10/26 16:22:02 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/08/04 14:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 14:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/15 17:42:18 | 000,499,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/31 22:58:03 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/10/19 04:18:40 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2008/05/02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 22:39:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/26 16:29:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/11 04:10:34 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/04/05 13:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 11:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/28 11:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/10/19 04:18:16 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/07 17:51:34 | 000,448,088 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/06/22 20:47:58 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 01:54:56 | 001,486,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009/06/02 18:11:05 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/01 12:43:00 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/05 14:14:40 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2009/01/13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/04 12:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/02/29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/29 02:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008/02/18 08:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008/02/18 08:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/09/28 23:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007/06/25 04:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2011/03/13 20:37:55 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/04/01 00:35:46 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/03/28 17:52:23 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/09/07 13:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/01/29 04:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2010/09/07 14:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/29 04:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/31 01:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 22:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/30 21:12:14 | 000,000,000 | ---D | M]

[2008/09/03 11:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2012/01/26 21:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions
[2012/01/05 00:13:49 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/27 17:07:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\AIM Search.xml
[2009/02/25 12:31:58 | 000,000,682 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\ask.xml
[2011/02/11 19:08:19 | 000,002,572 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\askcom.xml
[2010/03/02 02:20:25 | 000,001,589 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\web-search.xml
[2012/01/24 23:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 17:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\[email protected]
[2011/12/31 22:58:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AIM Search.xml
[2011/10/05 19:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:50:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/27 19:31:47 | 000,440,303 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15161 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ISW] File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{570A8F11-512F-4F69-959F-B51B1B99A90B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 16:42:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.com
[2012/01/31 05:46:57 | 000,061,440 | ---- | C] ( ) -- C:\Users\Martin\Desktop\VEW.exe
[2012/01/31 01:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/01/31 01:31:44 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/01/31 01:31:44 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/01/31 01:31:36 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/01/31 01:30:34 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/01/31 01:30:34 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/01/31 01:30:33 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/01/31 01:30:33 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/01/31 01:30:32 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/01/31 01:30:28 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/31 01:29:50 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/01/31 01:29:40 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/01/31 01:29:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/31 01:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/31 01:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/29 19:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/01/29 19:14:10 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/01/29 19:14:10 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/01/29 19:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/29 19:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/01/29 04:24:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\ForceField Shared Files
[2012/01/29 04:24:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\CheckPoint
[2012/01/29 04:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/29 04:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/01/29 04:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/01/29 04:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/01/27 17:15:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 17:15:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\temp
[2012/01/27 17:08:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/27 16:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/27 16:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/27 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/26 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2012/01/26 22:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/26 16:48:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/26 16:27:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/26 03:50:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\DoctorWeb
[2012/01/25 05:59:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\omg
[2012/01/25 05:27:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/01/24 00:03:36 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/01/24 00:03:06 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/01/20 20:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(24)
[2012/01/16 09:18:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{147F3C47-C3C8-415A-9D09-AA87B05DB04B}
[2012/01/16 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C897CB32-FAA0-4B97-90F4-9C7B87C080BD}
[2012/01/11 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SanctionedMedia
[2012/01/06 04:22:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2012/01/06 04:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/06 04:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PCPro
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2012/01/02 08:30:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2012/01/02 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/02 08:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/02 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{49399A44-1A4F-4089-86BB-40988C4B4805}
[2012/01/02 03:34:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{B2D07F23-E548-4645-9C27-F60D7FDB4A35}

========== Files - Modified Within 30 Days ==========

[2012/01/31 16:51:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
[2012/01/31 16:42:56 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/31 16:42:56 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/31 16:42:56 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/31 16:42:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.com
[2012/01/31 16:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 16:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 16:35:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 05:47:02 | 000,061,440 | ---- | M] ( ) -- C:\Users\Martin\Desktop\VEW.exe
[2012/01/31 01:31:45 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/01/31 01:30:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/31 01:27:23 | 087,604,152 | ---- | M] () -- C:\Users\Martin\Desktop\setup_ais.exe
[2012/01/31 01:14:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/29 18:34:39 | 001,118,208 | ---- | M] () -- C:\Users\Martin\Desktop\We2.evtx
[2012/01/29 18:34:26 | 001,118,208 | ---- | M] () -- C:\Users\Martin\Desktop\We1.evtx
[2012/01/29 04:25:07 | 000,415,859 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/01/29 03:53:12 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/27 19:31:47 | 000,440,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/27 19:27:51 | 020,975,616 | ---- | M] () -- C:\Users\Martin\Documents\WeSys.evtx
[2012/01/27 17:08:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120127-193147.backup
[2012/01/27 16:41:32 | 000,001,516 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 09:03:00 | 000,000,732 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/26 22:37:59 | 020,975,616 | ---- | M] () -- C:\Users\Martin\Documents\Desktop.evtx
[2012/01/26 03:34:38 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012/01/26 03:34:34 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/19 11:50:31 | 000,440,236 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120125-055126.backup
[2012/01/12 09:48:53 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-115031.backup
[2012/01/06 04:13:35 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/01/06 03:46:48 | 000,439,959 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120112-094853.backup

========== Files Created - No Company Name ==========

[2012/01/31 01:31:45 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/01/31 01:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/01/31 01:20:16 | 087,604,152 | ---- | C] () -- C:\Users\Martin\Desktop\setup_ais.exe
[2012/01/29 18:34:38 | 001,118,208 | ---- | C] () -- C:\Users\Martin\Desktop\We2.evtx
[2012/01/29 18:34:26 | 001,118,208 | ---- | C] () -- C:\Users\Martin\Desktop\We1.evtx
[2012/01/29 04:24:17 | 000,415,859 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/01/27 19:27:51 | 020,975,616 | ---- | C] () -- C:\Users\Martin\Documents\WeSys.evtx
[2012/01/27 16:41:32 | 000,001,516 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/26 22:37:57 | 020,975,616 | ---- | C] () -- C:\Users\Martin\Documents\Desktop.evtx
[2012/01/12 07:10:43 | 000,000,732 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/06 04:13:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2011/11/15 22:38:15 | 000,001,356 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 09:45:32 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/23 20:41:22 | 000,000,291 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/01/20 03:01:57 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\RAExpertHistory.xml
[2011/01/20 03:01:20 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\rahistory.xml
[2011/01/04 16:37:46 | 000,024,576 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 15:23:28 | 000,204,848 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2009/06/22 14:21:44 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 19:25:39 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/08 18:51:10 | 000,000,760 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\setup_ldm.iss
[2009/05/26 12:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/26 12:18:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/26 12:18:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/30 22:10:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/09 09:23:57 | 000,084,362 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/03/01 23:54:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2009/03/01 23:54:34 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008/09/29 18:41:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/25 15:52:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2008/09/05 19:29:14 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2008/09/03 08:58:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/02 21:05:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/09/23 06:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2003/08/10 08:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2003/08/08 18:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll

========== LOP Check ==========

[2009/02/10 04:23:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\acccore
[2009/12/08 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2008/09/27 12:41:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock
[2010/09/28 05:54:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock2
[2009/05/17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Braid
[2012/01/06 04:14:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2012/01/29 04:24:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CheckPoint
[2011/12/30 03:45:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/10/31 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/05 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/01/02 08:30:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2011/02/15 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FKRMonitor
[2009/02/18 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Games
[2012/01/12 06:36:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GlarySoft
[2010/12/07 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2008/09/03 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010/06/16 01:33:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2011/02/28 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2010/08/31 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ManyCam
[2009/01/10 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2009/04/07 02:06:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010/08/28 01:15:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Pamela
[2012/01/02 08:59:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 09:05:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PCPro
[2012/01/02 08:30:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/24 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SystemRequirementsLab
[2008/09/06 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\The Longest Journey
[2010/01/13 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 3 Demo
[2010/03/09 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2011/04/18 04:12:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unity
[2009/04/07 01:18:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2010/08/24 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WNR
[2012/01/31 05:55:58 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/31 16:51:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
[2011/05/13 17:09:16 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{3A203E6F-0710-43F9-A55E-2D9EBC8FF01A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

#43
RKinner

Posted 31 January 2012 - 05:47 PM

Malware Expert

Expert
24,625 posts

Getting rid of Airprint

should be easy:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

sc  delete  AirPrint

#44
Seran

Posted 31 January 2012 - 06:17 PM

Member

Topic Starter
Member
37 posts

Ok thank you. Um, so do you see any other problems?

Btw, what about the Avast scan reports? Can I delete any of those?

#45
RKinner

Posted 31 January 2012 - 09:59 PM

Malware Expert

Expert
24,625 posts

I think we are pretty much done.

We need to cleanup System Restore (if we haven't already):

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron