Jump to content

DDS/


Recommended Posts

I am posting this because I have downloaded some malware. It requests that I install win_protection.update.exe to get rid of it. Right. So, the instructions from this site ask me to post my DDS.txt and attaching attach.txt & ark.txt. It also asks that I post the Malwarebytes' Anti-Malware log file.

DDS (Ver_09-12-01.01) - NTFSX64

Run by boxes at 21:58:24.98 on Sat 12/26/2009

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4230 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\ASUS.SYS\CONFIG\DVMExportService.exe

C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

\fumuy.exe

C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Program Files (x86)\ASUS\TurboV\TurboV.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Users\boxes\BicBny.exe

C:\Windows\system32\conhost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\boxes\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMBgMonitor.exe"

uRun: [WISE-FTP Task Planner] "c:\program files (x86)\acebit\wise-ftp 5\wf_tp.exe" /bg

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [fumuy] c:\users\boxes\fumuy.exe

mRun: [soundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe

mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"

mRun: [QFan Help] "c:\program files (x86)\asus\ai suite\qfan3\QFanHelp.exe"

mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"

mRun: [TurboV] "c:\program files (x86)\asus\turbov\TurboV.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"

mRun: [VolPanel] "c:\program files (x86)\creative\volume panel\VolPanlu.exe" /r

mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files (x86)\acronis\trueimagehome\TimounterMonitor.exe

mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE

mRun: [sprint SmartView] "c:\program files (x86)\sprint\sprint smartview\SprintSV.exe" -a

mRun: [RDVCHG] "c:\program files (x86)\sprint\sprint smartview\RDVCHG.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\boxes\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\micros~1\office\1033\phdintl.dll/phdContext.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

LSP: bmnet.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files (x86)\dvd region+css free\DVDShell.dll

LSA: Authentication Packages = msv1_0 relog_ap

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

mRun-x64: [soundMAX] c:\program files (x86)\analog devices\soundmax\soundmax.exe /tray

mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"

mRun-x64: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\boxes\appdata\roaming\mozilla\firefox\profiles\i68w4g09.default\

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\users\boxes\appdata\roaming\mozilla\firefox\profiles\i68w4g09.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-30 527464]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-11 178728]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 202752]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-8-17 90112]

R2 MDES;DVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-2-18 315392]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-8-17 1153368]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-8-19 133104]

S3 CASprint;Sprint Con App Svc;c:\program files (x86)\sprint\sprint smartview\ConAppsSvc.exe [2009-5-26 124160]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-8-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-8-19 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-8-20 12744]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.sys [2009-5-26 43032]

=============== Created Last 30 ================

2009-12-27 03:57:17 191 ----a-w- c:\users\boxes\VzqNEI.bat

2009-12-27 03:55:15 188928 ----a-w- c:\users\boxes\BicBny.exe

2009-12-27 03:55:10 53248 --sh--r- c:\users\boxes\rhgaq.exe

2009-12-27 03:52:13 119 ----a-w- c:\users\boxes\WtNWFK.bat

2009-12-27 03:52:05 32 ----a-w- c:\users\boxes\defogger_reenable

2009-12-27 03:46:07 425 ----a-w- c:\users\boxes\GTzsVM.bat

2009-12-27 03:44:06 188928 ----a-w- c:\users\boxes\WtNWFK.exe

2009-12-27 03:44:00 53248 --sh--r- c:\users\boxes\biixe.exe

2009-12-27 03:36:59 53248 --sh--r- c:\users\boxes\ceehun.exe

2009-12-27 02:50:07 119 ----a-w- c:\users\boxes\JiOJPS.bat

2009-12-27 02:49:09 191 ----a-w- c:\users\boxes\tkWlws.bat

2009-12-27 02:47:02 53248 --sh--r- c:\users\boxes\rxpaq.exe

2009-12-27 02:41:04 0 d-----w- c:\users\boxes\appdata\roaming\Malwarebytes

2009-12-27 02:41:00 0 d-----w- c:\programdata\Malwarebytes

2009-12-27 02:40:59 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-27 02:40:59 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2009-12-27 02:34:34 53248 --sh--r- c:\users\boxes\fccuip.exe

2009-12-26 23:02:40 0 d-----w- c:\program files (x86)\common files\ATI Technologies

2009-12-26 22:33:39 53248 --sh--r- c:\users\boxes\nouqieg.exe

2009-12-26 22:30:13 119 ----a-w- c:\users\boxes\ByMBVo.bat

2009-12-26 22:28:58 191 ----a-w- c:\users\boxes\opFcSL.bat

2009-12-26 22:26:52 53248 --sh--r- c:\users\boxes\xooteu.exe

2009-12-26 22:25:41 114688 --sh--r- c:\users\boxes\fumuy.exe

2009-12-24 01:59:20 0 d-----w- c:\users\boxes\appdata\roaming\E-centives

2009-12-17 04:00:10 0 d-----w- c:\program files (x86)\Winamp Detect

2009-12-16 20:56:06 626688 ----a-w- c:\windows\syswow64\vp7vfw.dll

2009-12-16 20:56:06 1184984 ----a-w- c:\windows\syswow64\wvc1dmod.dll

2009-12-12 21:06:43 0 d-----w- c:\users\boxes\appdata\roaming\Thinstall

2009-12-08 20:31:10 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2009-12-08 20:31:10 5958656 ----a-w- c:\windows\syswow64\mshtml.dll

2009-12-08 04:29:40 0 d-----w- c:\programdata\Codemasters

2009-12-08 04:27:48 872448 ----a-w- c:\windows\syswow64\rapture3d_oal.dll

2009-12-08 04:27:48 839680 ----a-w- c:\windows\syswow64\mkl_vml_p4.dll

2009-12-08 04:27:48 532480 ----a-w- c:\windows\syswow64\mkl_vml_p3.dll

2009-12-08 04:27:48 512000 ----a-w- c:\windows\syswow64\mkl_vml_def.dll

2009-12-08 04:27:48 3485696 ----a-w- c:\windows\syswow64\mkl_p4.dll

2009-12-08 04:27:48 2793472 ----a-w- c:\windows\syswow64\mkl_p3.dll

2009-12-08 04:27:48 2441216 ----a-w- c:\windows\syswow64\mkl_def.dll

2009-12-08 04:27:48 2174976 ----a-w- c:\windows\syswow64\mkl_lapack32.dll

2009-12-08 04:27:48 2125824 ----a-w- c:\windows\syswow64\mkl_lapack64.dll

2009-12-08 04:27:48 184320 ----a-w- c:\windows\syswow64\libguide40.dll

2009-12-08 04:27:47 0 d-----w- c:\program files (x86)\BRS

2009-12-08 04:27:33 809560 ----a-r- c:\windows\syswow64\tmpD5D5.tmp

2009-12-08 04:27:33 109144 ----a-w- c:\windows\syswow64\OpenAL32.dll

2009-12-08 04:26:27 809560 ----a-r- c:\windows\syswow64\tmpD5B4.tmp

2009-12-01 17:25:20 149280 ----a-w- c:\windows\syswow64\javaws.exe

2009-12-01 17:25:20 145184 ----a-w- c:\windows\syswow64\javaw.exe

2009-12-01 17:25:20 145184 ----a-w- c:\windows\syswow64\java.exe

2009-12-01 16:37:21 2048 ----a-w- c:\windows\syswow64\tzres.dll

2009-12-01 16:37:21 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-01 00:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll

2009-12-01 00:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

==================== Find3M ====================

2009-12-16 20:56:12 99384 ----a-w- c:\users\boxes\appdata\roaming\inst.exe

2009-12-16 20:56:12 82816 ----a-w- c:\users\boxes\appdata\roaming\pcouffin.sys

2009-12-08 04:27:33 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-08 04:27:33 445016 ----a-w- c:\windows\syswow64\wrap_oal.dll

2009-12-08 04:27:33 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2009-11-25 03:52:14 6174720 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-11-25 03:17:52 446976 ----a-w- c:\windows\system32\atieclxx.exe

2009-11-25 03:17:16 202752 ----a-w- c:\windows\system32\atiesrxx.exe

2009-11-25 03:15:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2009-11-25 03:15:36 421376 ----a-w- c:\windows\system32\atipdl64.dll

2009-11-25 03:15:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll

2009-11-25 03:15:14 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll

2009-11-25 03:15:06 12288 ----a-w- c:\windows\system32\atimuixx.dll

2009-11-25 03:15:02 59392 ----a-w- c:\windows\system32\atiedu64.dll

2009-11-25 03:14:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll

2009-11-25 03:12:12 3055616 ----a-w- c:\windows\syswow64\atidxx32.dll

2009-11-25 03:04:30 3661824 ----a-w- c:\windows\system32\atidxx64.dll

2009-11-25 03:02:20 17625088 ----a-w- c:\windows\system32\atio6axx.dll

2009-11-25 02:55:58 3617792 ----a-w- c:\windows\syswow64\atiumdag.dll

2009-11-25 02:50:14 4683776 ----a-w- c:\windows\system32\atiumd64.dll

2009-11-25 02:44:56 13487616 ----a-w- c:\windows\syswow64\atioglxx.dll

2009-11-25 02:43:54 2601984 ----a-w- c:\windows\system32\atiumd6a.dll

2009-11-25 02:37:58 2899968 ----a-w- c:\windows\syswow64\atiumdva.dll

2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\atimpc64.dll

2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\amdpcom64.dll

2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll

2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll

2009-11-25 02:25:16 312320 ----a-w- c:\windows\system32\atiadlxx.dll

2009-11-25 02:25:08 225280 ----a-w- c:\windows\syswow64\atiadlxy.dll

2009-11-25 02:21:54 43008 ----a-w- c:\windows\system32\aticalrt64.dll

2009-11-25 02:21:52 53248 ----a-w- c:\windows\syswow64\aticalrt.dll

2009-11-25 02:21:38 39936 ----a-w- c:\windows\system32\aticalcl64.dll

2009-11-25 02:21:36 53248 ----a-w- c:\windows\syswow64\aticalcl.dll

2009-11-25 02:21:24 4740096 ----a-w- c:\windows\system32\aticaldd64.dll

2009-11-25 02:20:26 3629056 ----a-w- c:\windows\syswow64\aticaldd.dll

2009-11-25 02:10:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-11-06 16:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll

2009-11-06 16:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll

2009-11-04 08:58:42 22528 ----a-w- c:\windows\system32\drivers\dc3d.sys

2009-11-03 02:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe

2009-10-27 00:41:06 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2009-10-27 00:41:01 669184 ----a-w- c:\windows\syswow64\pbsvc.exe

2009-10-27 00:41:01 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2009-10-26 02:11:11 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll

2009-10-22 15:59:00 196565 ----a-w- c:\windows\system32\atiicdxx.dat

2009-10-14 23:07:50 174 --sh--w- c:\program files (x86)\desktop.ini

2009-10-14 19:17:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-10-11 10:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2009-09-28 15:22:00 496128 ----a-w- c:\windows\system32\yk62x64.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-08-17 17:58:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:58:42.00 ===============

I've got four Malwarebytes' Anti-Malware log files:

DDS (Ver_09-12-01.01) - NTFSX64

Run by boxes at 21:58:24.98 on Sat 12/26/2009

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4230 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\ASUS.SYS\CONFIG\DVMExportService.exe

C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

\fumuy.exe

C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Program Files (x86)\ASUS\TurboV\TurboV.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Users\boxes\BicBny.exe

C:\Windows\system32\conhost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\boxes\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMBgMonitor.exe"

uRun: [WISE-FTP Task Planner] "c:\program files (x86)\acebit\wise-ftp 5\wf_tp.exe" /bg

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [fumuy] c:\users\boxes\fumuy.exe

mRun: [soundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe

mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"

mRun: [QFan Help] "c:\program files (x86)\asus\ai suite\qfan3\QFanHelp.exe"

mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"

mRun: [TurboV] "c:\program files (x86)\asus\turbov\TurboV.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"

mRun: [VolPanel] "c:\program files (x86)\creative\volume panel\VolPanlu.exe" /r

mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files (x86)\acronis\trueimagehome\TimounterMonitor.exe

mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE

mRun: [sprint SmartView] "c:\program files (x86)\sprint\sprint smartview\SprintSV.exe" -a

mRun: [RDVCHG] "c:\program files (x86)\sprint\sprint smartview\RDVCHG.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\boxes\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\micros~1\office\1033\phdintl.dll/phdContext.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

LSP: bmnet.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files (x86)\dvd region+css free\DVDShell.dll

LSA: Authentication Packages = msv1_0 relog_ap

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

mRun-x64: [soundMAX] c:\program files (x86)\analog devices\soundmax\soundmax.exe /tray

mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"

mRun-x64: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\boxes\appdata\roaming\mozilla\firefox\profiles\i68w4g09.default\

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\users\boxes\appdata\roaming\mozilla\firefox\profiles\i68w4g09.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-30 527464]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-11 178728]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 202752]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-8-17 90112]

R2 MDES;DVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-2-18 315392]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-8-17 1153368]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-8-19 133104]

S3 CASprint;Sprint Con App Svc;c:\program files (x86)\sprint\sprint smartview\ConAppsSvc.exe [2009-5-26 124160]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-8-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-8-19 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-8-20 12744]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.sys [2009-5-26 43032]

=============== Created Last 30 ================

2009-12-27 03:57:17 191 ----a-w- c:\users\boxes\VzqNEI.bat

2009-12-27 03:55:15 188928 ----a-w- c:\users\boxes\BicBny.exe

2009-12-27 03:55:10 53248 --sh--r- c:\users\boxes\rhgaq.exe

2009-12-27 03:52:13 119 ----a-w- c:\users\boxes\WtNWFK.bat

2009-12-27 03:52:05 32 ----a-w- c:\users\boxes\defogger_reenable

2009-12-27 03:46:07 425 ----a-w- c:\users\boxes\GTzsVM.bat

2009-12-27 03:44:06 188928 ----a-w- c:\users\boxes\WtNWFK.exe

2009-12-27 03:44:00 53248 --sh--r- c:\users\boxes\biixe.exe

2009-12-27 03:36:59 53248 --sh--r- c:\users\boxes\ceehun.exe

2009-12-27 02:50:07 119 ----a-w- c:\users\boxes\JiOJPS.bat

2009-12-27 02:49:09 191 ----a-w- c:\users\boxes\tkWlws.bat

2009-12-27 02:47:02 53248 --sh--r- c:\users\boxes\rxpaq.exe

2009-12-27 02:41:04 0 d-----w- c:\users\boxes\appdata\roaming\Malwarebytes

2009-12-27 02:41:00 0 d-----w- c:\programdata\Malwarebytes

2009-12-27 02:40:59 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-27 02:40:59 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2009-12-27 02:34:34 53248 --sh--r- c:\users\boxes\fccuip.exe

2009-12-26 23:02:40 0 d-----w- c:\program files (x86)\common files\ATI Technologies

2009-12-26 22:33:39 53248 --sh--r- c:\users\boxes\nouqieg.exe

2009-12-26 22:30:13 119 ----a-w- c:\users\boxes\ByMBVo.bat

2009-12-26 22:28:58 191 ----a-w- c:\users\boxes\opFcSL.bat

2009-12-26 22:26:52 53248 --sh--r- c:\users\boxes\xooteu.exe

2009-12-26 22:25:41 114688 --sh--r- c:\users\boxes\fumuy.exe

2009-12-24 01:59:20 0 d-----w- c:\users\boxes\appdata\roaming\E-centives

2009-12-17 04:00:10 0 d-----w- c:\program files (x86)\Winamp Detect

2009-12-16 20:56:06 626688 ----a-w- c:\windows\syswow64\vp7vfw.dll

2009-12-16 20:56:06 1184984 ----a-w- c:\windows\syswow64\wvc1dmod.dll

2009-12-12 21:06:43 0 d-----w- c:\users\boxes\appdata\roaming\Thinstall

2009-12-08 20:31:10 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2009-12-08 20:31:10 5958656 ----a-w- c:\windows\syswow64\mshtml.dll

2009-12-08 04:29:40 0 d-----w- c:\programdata\Codemasters

2009-12-08 04:27:48 872448 ----a-w- c:\windows\syswow64\rapture3d_oal.dll

2009-12-08 04:27:48 839680 ----a-w- c:\windows\syswow64\mkl_vml_p4.dll

2009-12-08 04:27:48 532480 ----a-w- c:\windows\syswow64\mkl_vml_p3.dll

2009-12-08 04:27:48 512000 ----a-w- c:\windows\syswow64\mkl_vml_def.dll

2009-12-08 04:27:48 3485696 ----a-w- c:\windows\syswow64\mkl_p4.dll

2009-12-08 04:27:48 2793472 ----a-w- c:\windows\syswow64\mkl_p3.dll

2009-12-08 04:27:48 2441216 ----a-w- c:\windows\syswow64\mkl_def.dll

2009-12-08 04:27:48 2174976 ----a-w- c:\windows\syswow64\mkl_lapack32.dll

2009-12-08 04:27:48 2125824 ----a-w- c:\windows\syswow64\mkl_lapack64.dll

2009-12-08 04:27:48 184320 ----a-w- c:\windows\syswow64\libguide40.dll

2009-12-08 04:27:47 0 d-----w- c:\program files (x86)\BRS

2009-12-08 04:27:33 809560 ----a-r- c:\windows\syswow64\tmpD5D5.tmp

2009-12-08 04:27:33 109144 ----a-w- c:\windows\syswow64\OpenAL32.dll

2009-12-08 04:26:27 809560 ----a-r- c:\windows\syswow64\tmpD5B4.tmp

2009-12-01 17:25:20 149280 ----a-w- c:\windows\syswow64\javaws.exe

2009-12-01 17:25:20 145184 ----a-w- c:\windows\syswow64\javaw.exe

2009-12-01 17:25:20 145184 ----a-w- c:\windows\syswow64\java.exe

2009-12-01 16:37:21 2048 ----a-w- c:\windows\syswow64\tzres.dll

2009-12-01 16:37:21 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-01 00:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll

2009-12-01 00:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

==================== Find3M ====================

2009-12-16 20:56:12 99384 ----a-w- c:\users\boxes\appdata\roaming\inst.exe

2009-12-16 20:56:12 82816 ----a-w- c:\users\boxes\appdata\roaming\pcouffin.sys

2009-12-08 04:27:33 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-08 04:27:33 445016 ----a-w- c:\windows\syswow64\wrap_oal.dll

2009-12-08 04:27:33 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2009-11-25 03:52:14 6174720 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-11-25 03:17:52 446976 ----a-w- c:\windows\system32\atieclxx.exe

2009-11-25 03:17:16 202752 ----a-w- c:\windows\system32\atiesrxx.exe

2009-11-25 03:15:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2009-11-25 03:15:36 421376 ----a-w- c:\windows\system32\atipdl64.dll

2009-11-25 03:15:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll

2009-11-25 03:15:14 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll

2009-11-25 03:15:06 12288 ----a-w- c:\windows\system32\atimuixx.dll

2009-11-25 03:15:02 59392 ----a-w- c:\windows\system32\atiedu64.dll

2009-11-25 03:14:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll

2009-11-25 03:12:12 3055616 ----a-w- c:\windows\syswow64\atidxx32.dll

2009-11-25 03:04:30 3661824 ----a-w- c:\windows\system32\atidxx64.dll

2009-11-25 03:02:20 17625088 ----a-w- c:\windows\system32\atio6axx.dll

2009-11-25 02:55:58 3617792 ----a-w- c:\windows\syswow64\atiumdag.dll

2009-11-25 02:50:14 4683776 ----a-w- c:\windows\system32\atiumd64.dll

2009-11-25 02:44:56 13487616 ----a-w- c:\windows\syswow64\atioglxx.dll

2009-11-25 02:43:54 2601984 ----a-w- c:\windows\system32\atiumd6a.dll

2009-11-25 02:37:58 2899968 ----a-w- c:\windows\syswow64\atiumdva.dll

2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\atimpc64.dll

2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\amdpcom64.dll

2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll

2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll

2009-11-25 02:25:16 312320 ----a-w- c:\windows\system32\atiadlxx.dll

2009-11-25 02:25:08 225280 ----a-w- c:\windows\syswow64\atiadlxy.dll

2009-11-25 02:21:54 43008 ----a-w- c:\windows\system32\aticalrt64.dll

2009-11-25 02:21:52 53248 ----a-w- c:\windows\syswow64\aticalrt.dll

2009-11-25 02:21:38 39936 ----a-w- c:\windows\system32\aticalcl64.dll

2009-11-25 02:21:36 53248 ----a-w- c:\windows\syswow64\aticalcl.dll

2009-11-25 02:21:24 4740096 ----a-w- c:\windows\system32\aticaldd64.dll

2009-11-25 02:20:26 3629056 ----a-w- c:\windows\syswow64\aticaldd.dll

2009-11-25 02:10:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-11-06 16:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll

2009-11-06 16:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll

2009-11-04 08:58:42 22528 ----a-w- c:\windows\system32\drivers\dc3d.sys

2009-11-03 02:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe

2009-10-27 00:41:06 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2009-10-27 00:41:01 669184 ----a-w- c:\windows\syswow64\pbsvc.exe

2009-10-27 00:41:01 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2009-10-26 02:11:11 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll

2009-10-22 15:59:00 196565 ----a-w- c:\windows\system32\atiicdxx.dat

2009-10-14 23:07:50 174 --sh--w- c:\program files (x86)\desktop.ini

2009-10-14 19:17:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-10-11 10:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2009-09-28 15:22:00 496128 ----a-w- c:\windows\system32\yk62x64.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-08-17 17:58:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:58:42.00 ===============

Malwarebytes' Anti-Malware 1.42

Database version: 3436

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

12/26/2009 9:21:53 PM

mbam-log-2009-12-26 (21-21-53).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 243168

Time elapsed: 22 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Archived proggies\Diskeeper 2009 Pro Premier x64 [13.0.844.0]\Keymaker.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Users\boxes\ByMBVo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\boxes\JiOJPS.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.42

Database version: 3436

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/26/2009 9:34:52 PM

mbam-log-2009-12-26 (21-34-52).txt

Scan type: Quick Scan

Objects scanned: 101555

Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

C:\Users\boxes\plGpTn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\boxes\plGpTn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\boxes\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\boxes\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\boxes\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\boxes\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.42

Database version: 3436

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/26/2009 9:41:51 PM

mbam-log-2009-12-26 (21-41-51).txt

Scan type: Quick Scan

Objects scanned: 101672

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\Users\boxes\CcbCHy.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

I appreciate any help. :)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\boxes\CcbCHy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Attach.zip

Link to post
Share on other sites

Hello bigboxes

Welcome to Malwarebytes.

=====================

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

Referring to this entry found in your logs:

C:\Archived proggies\Diskeeper 2009 Pro Premier x64 [13.0.844.0]\Keymaker.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Remove any other cracked or illegal software before proceeding.

--------------------------------

  • Download OTL to your desktop.
  • Right click on the icon and choose "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Link to post
Share on other sites

Here is the OTL.txt info:

OTL logfile created on: 12/28/2009 2:35:41 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\boxes\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 69.24 Gb Total Space | 4.73 Gb Free Space | 6.83% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 279.46 Gb Total Space | 254.67 Gb Free Space | 91.13% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 465.75 Gb Total Space | 251.89 Gb Free Space | 54.08% Space Free | Partition Type: NTFS

Drive P: | 279.46 Gb Total Space | 80.45 Gb Free Space | 28.79% Space Free | Partition Type: NTFS

Computer Name: VINCENTVEGA

Current User Name: boxes

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\boxes\meelau.exe (KQROECwW)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

========== Modules (SafeList) ==========

MOD - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()

MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)

SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)

SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)

SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)

SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)

SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)

SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)

SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (VSS) -- C:\Windows\Vss [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)

SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)

DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)

DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)

DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)

DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)

DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)

DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)

DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)

DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)

DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)

DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)

DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)

DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)

DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)

DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)

DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)

DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)

DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)

DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)

DRV:64bit: - (WinUSB) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)

DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)

DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)

DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)

DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)

DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)

DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)

DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)

DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)

DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (CSC) -- C:\Windows\CSC [2009/08/17 11:42:57 | 00,000,000 | ---D | M]

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)

DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()

DRV - (tcpipBM) -- C:\Windows\SysWOW64\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 5E 64 41 6B 85 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.cnn.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 41

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 10:28:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/23 19:59:20 | 00,000,000 | ---D | M]

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] (No name found) -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/12/27 21:43:43 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions

[2009/08/17 12:08:43 | 00,000,000 | ---D | M] (Qute) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

[2009/12/19 15:42:56 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/08/24 19:13:19 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/12/14 12:33:09 | 00,001,626 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\searchplugins\mozilla-add-ons.xml

[2009/12/27 21:43:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/12/17 10:28:02 | 00,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/17 12:47:59 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/01 11:25:20 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2009/12/17 10:28:01 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/17 10:28:01 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

[2009/12/23 19:59:20 | 00,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll

[2009/12/17 10:28:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2009/12/16 17:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

[2009/08/07 11:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll

[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (370747 bytes) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123haustiereundmehr.com

O1 - Hosts: 12777 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe (CarMD.com Corp)

O4 - HKCU..\Run: [fumuy] C:\Users\boxes\fumuy.exe ()

O4 - HKCU..\Run: [J8RPLTROBQ] C:\Users\boxes\AppData\Local\Temp\c.exe ()

O4 - HKCU..\Run: [LosAlamos] C:\Windows\SysWow64\sshnas.DLL ()

O4 - HKCU..\Run: [meelau] C:\Users\boxes\meelau.exe (KQROECwW)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WISE-FTP Task Planner] C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

O4 - Startup: C:\Users\boxes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files (x86)\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/27 20:46:58 | 00,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 02:31:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/28 02:18:42 | 00,081,920 | RHS- | C] (KQROECwW) -- C:\Users\boxes\meelau.exe

[2009/12/28 00:46:47 | 00,081,920 | RHS- | C] (CYFkeTmG) -- C:\Users\boxes\xrraug.exe

[2009/12/27 23:37:55 | 00,081,920 | RHS- | C] (vUnFsLTG) -- C:\Users\boxes\deirus.exe

[2009/12/27 20:52:25 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware

[2009/12/27 20:46:41 | 00,000,000 | ---D | C] -- C:\Autoruns

[2009/12/27 20:19:30 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/12/27 20:02:58 | 02,180,072 | ---- | C] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis

[2009/12/27 18:34:44 | 00,081,920 | RHS- | C] (QfMHzaLt) -- C:\Users\boxes\noaavir.exe

[2009/12/27 15:25:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CarMD

[2009/12/27 14:28:02 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\CarMD.com_Corp

[2009/12/26 20:41:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Malwarebytes

[2009/12/26 20:41:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/26 20:41:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/12/26 20:40:59 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/12/26 20:40:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2009/12/26 17:02:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2009/12/23 19:59:20 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\E-centives

[2009/12/16 22:00:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect

[2009/12/16 17:53:06 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/12/16 14:56:06 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll

[2009/12/16 14:56:06 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll

[2009/12/15 06:26:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\Documents\Kerry

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Thinstall

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\Thinstall

[2009/12/08 14:31:10 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2009/12/08 14:31:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2009/12/07 22:29:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2009/12/07 22:27:48 | 03,485,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p4.dll

[2009/12/07 22:27:48 | 02,793,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p3.dll

[2009/12/07 22:27:48 | 02,441,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_def.dll

[2009/12/07 22:27:48 | 02,174,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack32.dll

[2009/12/07 22:27:48 | 02,125,824 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack64.dll

[2009/12/07 22:27:48 | 00,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2009/12/07 22:27:48 | 00,839,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p4.dll

[2009/12/07 22:27:48 | 00,532,480 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p3.dll

[2009/12/07 22:27:48 | 00,512,000 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_def.dll

[2009/12/07 22:27:48 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libguide40.dll

[2009/12/07 22:27:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2009/12/07 22:27:33 | 00,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/01 11:25:20 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2009/11/30 18:02:40 | 00,171,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

[2009/08/17 14:13:00 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/06/03 23:57:38 | 00,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/28 02:37:14 | 08,650,752 | ---- | M] () -- C:\Users\boxes\ntuser.dat

[2009/12/28 02:31:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/28 02:28:14 | 00,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2009/12/28 02:25:44 | 00,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/28 02:25:44 | 00,619,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/28 02:25:44 | 00,104,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/28 02:25:20 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/28 02:25:20 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/28 02:19:14 | 00,000,240 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2009/12/28 02:19:12 | 00,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2009/12/28 02:19:05 | 00,175,616 | ---- | M] () -- C:\Windows\msa.exe

[2009/12/28 02:18:57 | 00,233,472 | ---- | M] () -- C:\Windows\SysWow64\sshnas.dll

[2009/12/28 02:18:49 | 00,081,920 | RHS- | M] (KQROECwW) -- C:\Users\boxes\meelau.exe

[2009/12/28 02:18:06 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2009/12/28 02:18:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/28 02:18:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/12/28 02:17:56 | 52,987,9039 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/28 00:47:51 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 00:47:51 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 00:47:51 | 00,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 00:46:55 | 00,081,920 | RHS- | M] (CYFkeTmG) -- C:\Users\boxes\xrraug.exe

[2009/12/27 23:38:06 | 00,081,920 | RHS- | M] (vUnFsLTG) -- C:\Users\boxes\deirus.exe

[2009/12/27 21:52:17 | 00,000,134 | ---- | M] () -- C:\Windows\SysWow64\yKUyPf.bat

[2009/12/27 21:51:33 | 00,000,194 | ---- | M] () -- C:\Windows\SysWow64\ftmYdE.bat

[2009/12/27 21:04:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2009/12/27 20:52:19 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | M] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 20:03:04 | 02,180,072 | ---- | M] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:39:00 | 00,000,967 | ---- | M] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/27 19:04:01 | 00,000,194 | ---- | M] () -- C:\Windows\SysWow64\gvAjOQ.bat

[2009/12/27 18:34:44 | 00,081,920 | RHS- | M] (QfMHzaLt) -- C:\Users\boxes\noaavir.exe

[2009/12/26 21:55:10 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\rhgaq.exe

[2009/12/26 21:52:06 | 00,000,032 | ---- | M] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 21:44:00 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\biixe.exe

[2009/12/26 21:36:59 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\ceehun.exe

[2009/12/26 20:47:02 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\rxpaq.exe

[2009/12/26 20:41:04 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 20:34:34 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\fccuip.exe

[2009/12/26 16:33:39 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\nouqieg.exe

[2009/12/26 16:26:52 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\xooteu.exe

[2009/12/26 06:40:48 | 00,042,011 | ---- | M] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:26 | 00,043,744 | ---- | M] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/25 21:52:02 | 00,001,041 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/12/24 04:19:00 | 00,370,747 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2009/12/23 21:51:52 | 01,357,328 | ---- | M] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:02 | 00,119,916 | ---- | M] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | M] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | M] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/12/17 19:17:45 | 00,954,368 | ---- | M] () -- C:\Users\boxes\Documents\Boxes Movies Collection.xls

[2009/12/16 14:56:12 | 00,099,384 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\inst.exe

[2009/12/16 14:56:12 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/12/16 14:56:12 | 00,007,859 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/12/16 14:56:12 | 00,001,167 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/12/15 22:15:21 | 00,026,624 | ---- | M] () -- C:\Users\boxes\Documents\Boxes TV Shows Collection.xls

[2009/12/12 17:45:32 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2009/12/07 22:27:33 | 00,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2009/12/07 22:27:33 | 00,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2009/12/07 22:27:33 | 00,122,968 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2009/12/07 22:27:33 | 00,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/03 17:44:02 | 00,114,688 | RHS- | M] () -- C:\Users\boxes\fumuy.exe

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/11/30 18:02:40 | 00,171,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 02:19:10 | 00,175,616 | ---- | C] () -- C:\Windows\msa.exe

[2009/12/28 02:19:08 | 00,000,282 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2009/12/28 02:19:06 | 00,000,240 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2009/12/28 02:18:55 | 00,233,472 | ---- | C] () -- C:\Windows\SysWow64\sshnas.dll

[2009/12/27 21:52:17 | 00,000,134 | ---- | C] () -- C:\Windows\SysWow64\yKUyPf.bat

[2009/12/27 21:51:33 | 00,000,194 | ---- | C] () -- C:\Windows\SysWow64\ftmYdE.bat

[2009/12/27 20:52:19 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | C] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 19:39:00 | 00,000,967 | ---- | C] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/27 19:04:01 | 00,000,194 | ---- | C] () -- C:\Windows\SysWow64\gvAjOQ.bat

[2009/12/26 21:55:10 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\rhgaq.exe

[2009/12/26 21:52:05 | 00,000,032 | ---- | C] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 21:44:00 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\biixe.exe

[2009/12/26 21:36:59 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\ceehun.exe

[2009/12/26 20:47:02 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\rxpaq.exe

[2009/12/26 20:41:04 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 20:34:34 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\fccuip.exe

[2009/12/26 16:33:39 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\nouqieg.exe

[2009/12/26 16:26:52 | 00,053,248 | RHS- | C] () -- C:\Users\boxes\xooteu.exe

[2009/12/26 16:25:41 | 00,114,688 | RHS- | C] () -- C:\Users\boxes\fumuy.exe

[2009/12/26 06:40:48 | 00,042,011 | ---- | C] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:24 | 00,043,744 | ---- | C] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/23 21:51:51 | 01,357,328 | ---- | C] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:01 | 00,119,916 | ---- | C] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | C] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | C] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/11/06 01:43:38 | 00,000,432 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/22 10:00:02 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2009/10/21 23:13:55 | 00,000,333 | ---- | C] () -- C:\Windows\game.ini

[2009/10/14 16:59:14 | 01,833,620 | ---- | C] () -- C:\ProgramData\msinfo.nfo

[2009/09/15 23:02:10 | 00,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/09/15 23:02:10 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/08/29 19:49:43 | 00,007,602 | ---- | C] () -- C:\Users\boxes\AppData\Local\Resmon.ResmonCfg

[2009/08/20 22:53:51 | 00,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2009/08/20 22:53:51 | 00,000,088 | RHS- | C] () -- C:\ProgramData\CFFD30D0F9.sys

[2009/08/20 02:43:20 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2009/08/19 04:59:12 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/08/19 03:03:58 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/08/19 03:03:58 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/19 02:03:38 | 00,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/08/17 14:49:35 | 00,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI

[2009/08/17 14:13:36 | 00,001,041 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/08/17 14:13:23 | 00,000,034 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.log

[2009/08/17 14:13:00 | 00,099,384 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\inst.exe

[2009/08/17 14:13:00 | 00,007,859 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/08/17 14:13:00 | 00,001,167 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/08/17 13:53:39 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/08/17 11:51:41 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2009/08/17 11:51:41 | 00,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2009/08/17 11:51:38 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2009/08/17 11:51:38 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2009/08/17 11:44:28 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/06/04 00:37:08 | 00,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/04 00:37:06 | 00,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009/06/03 23:55:20 | 00,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2009/05/27 08:49:00 | 00,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2009/05/26 17:38:12 | 00,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys

[2008/12/01 17:32:32 | 00,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2006/03/18 07:16:04 | 00,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2002/10/06 12:42:57 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll

[2002/10/04 17:04:25 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll

[2002/10/04 17:04:24 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll

[2002/10/04 17:04:17 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2009/08/17 15:01:22 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\AceBIT

[2009/08/17 14:36:33 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Acoustica

[2009/10/25 20:13:51 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Bioshock

[2009/11/06 01:43:38 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Bytemobile

[2009/08/31 15:37:52 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\CanuckSoftware

[2009/10/19 15:36:49 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\DAEMON Tools Lite

[2009/12/23 19:59:20 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\E-centives

[2009/12/12 15:06:43 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Thinstall

[2009/08/30 15:59:59 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\UBitMenu

[2009/12/25 21:52:03 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Vso

[2009/08/18 00:57:32 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Wireshark

[2009/12/27 18:53:36 | 00,025,252 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/28 02:19:14 | 00,000,240 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2009/12/28 02:19:12 | 00,000,282 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DD4DD9B9

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Link to post
Share on other sites

Here's the Extras.txt info:

OTL Extras logfile created on: 12/28/2009 2:35:41 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\boxes\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 69.24 Gb Total Space | 4.73 Gb Free Space | 6.83% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 279.46 Gb Total Space | 254.67 Gb Free Space | 91.13% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 465.75 Gb Total Space | 251.89 Gb Free Space | 54.08% Space Free | Partition Type: NTFS

Drive P: | 279.46 Gb Total Space | 80.45 Gb Free Space | 28.79% Space Free | Partition Type: NTFS

Computer Name: VINCENTVEGA

Current User Name: boxes

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SystemRoot%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{27B84DEC-78D2-E520-4B4F-DB6CE8CEC318}" = ccc-utility64

"{3CC023A9-CE6C-44E5-BB0E-457F84F0B895}" = Sprint SmartView

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials

"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08

"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware

"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager

"{DE849015-10C0-4B37-A712-C8419834D42F}" = Diskeeper 2009 Pro Premier

"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)

"Microsoft Security Essentials" = Microsoft Security Essentials

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine

"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17

"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair

"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis

Link to post
Share on other sites

Right click on OTL and choose Run as Administrator.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKCU..\Run: [fumuy] C:\Users\boxes\fumuy.exe ()
    O4 - HKCU..\Run: [J8RPLTROBQ] C:\Users\boxes\AppData\Local\Temp\c.exe ()
    O4 - HKCU..\Run: [LosAlamos] C:\Windows\SysWow64\sshnas.DLL ()
    O4 - HKCU..\Run: [meelau] C:\Users\boxes\meelau.exe (KQROECwW)
    [2009/12/28 02:18:42 | 00,081,920 | RHS- | C] (KQROECwW) -- C:\Users\boxes\meelau.exe
    [2009/12/28 00:46:47 | 00,081,920 | RHS- | C] (CYFkeTmG) -- C:\Users\boxes\xrraug.exe
    [2009/12/27 23:37:55 | 00,081,920 | RHS- | C] (vUnFsLTG) -- C:\Users\boxes\deirus.exe
    [2009/12/27 18:34:44 | 00,081,920 | RHS- | C] (QfMHzaLt) -- C:\Users\boxes\noaavir.exe
    [2009/12/28 02:19:14 | 00,000,240 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2009/12/28 02:19:12 | 00,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2009/12/28 02:19:05 | 00,175,616 | ---- | M] () -- C:\Windows\msa.exe
    [2009/12/27 21:52:17 | 00,000,134 | ---- | M] () -- C:\Windows\SysWow64\yKUyPf.bat
    [2009/12/27 21:51:33 | 00,000,194 | ---- | M] () -- C:\Windows\SysWow64\ftmYdE.bat
    [2009/12/27 19:04:01 | 00,000,194 | ---- | M] () -- C:\Windows\SysWow64\gvAjOQ.bat
    [2009/12/27 18:34:44 | 00,081,920 | RHS- | M] (QfMHzaLt) -- C:\Users\boxes\noaavir.exe
    [2009/12/26 21:55:10 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\rhgaq.exe
    [2009/12/26 21:44:00 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\biixe.exe
    [2009/12/26 21:36:59 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\ceehun.exe
    [2009/12/26 20:47:02 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\rxpaq.exe
    [2009/12/26 20:34:34 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\fccuip.exe
    [2009/12/26 16:33:39 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\nouqieg.exe
    [2009/12/26 16:26:52 | 00,053,248 | RHS- | M] () -- C:\Users\boxes\xooteu.exe
    [2009/12/16 14:56:12 | 00,099,384 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\inst.exe

    :Commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

================================Online scan=================================

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Here is the OTL log info:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fumuy deleted successfully.

C:\Users\boxes\fumuy.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\J8RPLTROBQ deleted successfully.

C:\Users\boxes\AppData\Local\Temp\c.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LosAlamos deleted successfully.

C:\Windows\SysWOW64\sshnas.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\meelau deleted successfully.

C:\Users\boxes\meelau.exe moved successfully.

File C:\Users\boxes\meelau.exe not found.

C:\Users\boxes\xrraug.exe moved successfully.

C:\Users\boxes\deirus.exe moved successfully.

C:\Users\boxes\noaavir.exe moved successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.

C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.

C:\Windows\msa.exe moved successfully.

C:\Windows\SysWOW64\yKUyPf.bat moved successfully.

C:\Windows\SysWOW64\ftmYdE.bat moved successfully.

C:\Windows\SysWOW64\gvAjOQ.bat moved successfully.

File C:\Users\boxes\noaavir.exe not found.

C:\Users\boxes\rhgaq.exe moved successfully.

C:\Users\boxes\biixe.exe moved successfully.

C:\Users\boxes\ceehun.exe moved successfully.

C:\Users\boxes\rxpaq.exe moved successfully.

C:\Users\boxes\fccuip.exe moved successfully.

C:\Users\boxes\nouqieg.exe moved successfully.

C:\Users\boxes\xooteu.exe moved successfully.

C:\Users\boxes\AppData\Roaming\inst.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: boxes

->Temp folder emptied: 76286917 bytes

->Temporary Internet Files folder emptied: 58211251 bytes

->Java cache emptied: 39612678 bytes

->FireFox cache emptied: 63049133 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 1619120 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

Windows Temp folder emptied: 73089 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51258 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 228.00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 12282009_123403

Files\Folders moved on Reboot...

C:\Users\boxes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\boxes\AppData\Local\Temp\~DF82419A441252B9AB.TMP moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\Cache\_CACHE_001_ moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\Cache\_CACHE_002_ moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\Cache\_CACHE_003_ moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\urlclassifier3.sqlite moved successfully.

C:\Users\boxes\AppData\Local\Mozilla\Firefox\Profiles\i68w4g09.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

MBAM log info:

Malwarebytes' Anti-Malware 1.42

Database version: 3446

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/28/2009 5:24:05 PM

mbam-log-2009-12-28 (17-24-05).txt

Scan type: Full Scan (C:\|)

Objects scanned: 237308

Time elapsed: 30 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\_OTL\MovedFiles\12282009_123403\C_Windows\SysWOW64\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Great how are things running?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-12-29 12:25:38

# local_time=2009-12-28 06:25:38 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=1024 16777215 100 0 4255441 4255441 0 0

# compatibility_mode=5891 16776573 100 100 0 15749167 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=178630

# found=2

# cleaned=2

# scan_time=3108

00000000000000000000000000000000 C

C:\_OTL\MovedFiles\12282009_123403\C_Users\boxes\AppData\Local\Temp\c.exe Win32/TrojanDownloader.FakeAlert.AQX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\12282009_123403\C_Windows\msa.exe Win32/TrojanDownloader.FakeAlert.AFQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Great how are things running?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Well, I'm guessing that the orginal run fix by OTL did a lot of good. Upon reboot I am no longer having MSE alerts. You'll notice that MBAM and ESET found and deleted some more stuff. I appreciate the help so far. Now, I'm off to run this OTL again. I'll post the new OTL log when I'm finished. :lol:

Link to post
Share on other sites

OTL log info:

OTL logfile created on: 12/28/2009 7:16:34 PM - Run 2

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\boxes\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 51.00% Memory free

12.00 Gb Paging File | 9.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 69.24 Gb Total Space | 4.80 Gb Free Space | 6.93% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 279.46 Gb Total Space | 254.67 Gb Free Space | 91.13% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 465.75 Gb Total Space | 251.89 Gb Free Space | 54.08% Space Free | Partition Type: NTFS

Drive P: | 279.46 Gb Total Space | 80.45 Gb Free Space | 28.79% Space Free | Partition Type: NTFS

Computer Name: VINCENTVEGA

Current User Name: boxes

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

========== Modules (SafeList) ==========

MOD - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()

MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)

SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)

SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)

SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)

SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)

SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)

SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)

SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (VSS) -- C:\Windows\Vss [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)

SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)

DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)

DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)

DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)

DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)

DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)

DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)

DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)

DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)

DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)

DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)

DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)

DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)

DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)

DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)

DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)

DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)

DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)

DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)

DRV:64bit: - (WinUSB) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)

DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)

DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)

DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)

DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)

DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)

DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)

DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)

DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)

DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (CSC) -- C:\Windows\CSC [2009/08/17 11:42:57 | 00,000,000 | ---D | M]

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)

DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()

DRV - (tcpipBM) -- C:\Windows\SysWOW64\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 5E 64 41 6B 85 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.cnn.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 41

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 10:28:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/23 19:59:20 | 00,000,000 | ---D | M]

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] (No name found) -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/12/27 21:43:43 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions

[2009/08/17 12:08:43 | 00,000,000 | ---D | M] (Qute) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

[2009/12/19 15:42:56 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/08/24 19:13:19 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/12/14 12:33:09 | 00,001,626 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\searchplugins\mozilla-add-ons.xml

[2009/12/27 21:43:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/12/17 10:28:02 | 00,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/17 12:47:59 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/01 11:25:20 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2009/12/17 10:28:01 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/17 10:28:01 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

[2009/12/23 19:59:20 | 00,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll

[2009/12/17 10:28:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2009/12/16 17:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

[2009/08/07 11:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll

[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (370747 bytes) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123haustiereundmehr.com

O1 - Hosts: 12777 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe (CarMD.com Corp)

O4 - HKCU..\Run: [fumuy] C:\Users\boxes\fumuy.exe File not found

O4 - HKCU..\Run: [meelau] C:\Users\boxes\meelau.exe File not found

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WISE-FTP Task Planner] C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

O4 - Startup: C:\Users\boxes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/27 20:46:58 | 00,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 17:32:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2009/12/28 12:33:40 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/28 02:31:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/27 20:52:25 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware

[2009/12/27 20:46:41 | 00,000,000 | ---D | C] -- C:\Autoruns

[2009/12/27 20:19:30 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/12/27 20:02:58 | 02,180,072 | ---- | C] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis

[2009/12/27 15:25:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CarMD

[2009/12/27 14:28:02 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\CarMD.com_Corp

[2009/12/26 20:41:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Malwarebytes

[2009/12/26 20:41:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/26 20:41:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/12/26 20:40:59 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/12/26 20:40:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2009/12/26 17:02:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2009/12/23 19:59:20 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\E-centives

[2009/12/16 22:00:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect

[2009/12/16 17:53:06 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/12/16 14:56:06 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll

[2009/12/16 14:56:06 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll

[2009/12/15 06:26:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\Documents\Kerry

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Thinstall

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\Thinstall

[2009/12/08 14:31:10 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2009/12/08 14:31:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2009/12/07 22:29:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2009/12/07 22:27:48 | 03,485,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p4.dll

[2009/12/07 22:27:48 | 02,793,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p3.dll

[2009/12/07 22:27:48 | 02,441,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_def.dll

[2009/12/07 22:27:48 | 02,174,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack32.dll

[2009/12/07 22:27:48 | 02,125,824 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack64.dll

[2009/12/07 22:27:48 | 00,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2009/12/07 22:27:48 | 00,839,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p4.dll

[2009/12/07 22:27:48 | 00,532,480 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p3.dll

[2009/12/07 22:27:48 | 00,512,000 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_def.dll

[2009/12/07 22:27:48 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libguide40.dll

[2009/12/07 22:27:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2009/12/07 22:27:33 | 00,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/01 11:25:20 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2009/11/30 18:02:40 | 00,171,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

[2009/08/17 14:13:00 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/06/03 23:57:38 | 00,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2009/12/28 19:17:44 | 08,650,752 | ---- | M] () -- C:\Users\boxes\ntuser.dat

[2009/12/28 19:07:08 | 00,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2009/12/28 19:04:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2009/12/28 18:04:01 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2009/12/28 17:33:15 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/28 17:33:15 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/28 17:30:42 | 00,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/28 17:30:42 | 00,619,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/28 17:30:42 | 00,104,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/28 17:25:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/28 17:25:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/12/28 17:25:48 | 52,987,9039 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/28 17:24:40 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 17:24:40 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 17:24:40 | 00,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/28 12:37:34 | 00,974,954 | -H-- | M] () -- C:\Users\boxes\AppData\Local\IconCache.db

[2009/12/28 02:31:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/27 20:52:19 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | M] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 20:03:04 | 02,180,072 | ---- | M] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:39:00 | 00,000,967 | ---- | M] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/26 21:52:06 | 00,000,032 | ---- | M] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 20:41:04 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 06:40:48 | 00,042,011 | ---- | M] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:26 | 00,043,744 | ---- | M] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/25 21:52:02 | 00,001,041 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/12/24 04:19:00 | 00,370,747 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2009/12/23 21:51:52 | 01,357,328 | ---- | M] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:02 | 00,119,916 | ---- | M] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | M] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | M] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/12/17 19:17:45 | 00,954,368 | ---- | M] () -- C:\Users\boxes\Documents\Boxes Movies Collection.xls

[2009/12/16 14:56:12 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/12/16 14:56:12 | 00,007,859 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/12/16 14:56:12 | 00,001,167 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/12/15 22:15:21 | 00,026,624 | ---- | M] () -- C:\Users\boxes\Documents\Boxes TV Shows Collection.xls

[2009/12/12 17:45:32 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2009/12/07 22:27:33 | 00,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2009/12/07 22:27:33 | 00,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2009/12/07 22:27:33 | 00,122,968 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2009/12/07 22:27:33 | 00,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/11/30 18:02:40 | 00,171,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

========== Files Created - No Company Name ==========

[2009/12/27 20:52:19 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | C] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 19:39:00 | 00,000,967 | ---- | C] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/26 21:52:05 | 00,000,032 | ---- | C] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 20:41:04 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 06:40:48 | 00,042,011 | ---- | C] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:24 | 00,043,744 | ---- | C] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/23 21:51:51 | 01,357,328 | ---- | C] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:01 | 00,119,916 | ---- | C] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | C] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | C] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/11/06 01:43:38 | 00,000,432 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/22 10:00:02 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2009/10/21 23:13:55 | 00,000,333 | ---- | C] () -- C:\Windows\game.ini

[2009/10/14 16:59:14 | 01,833,620 | ---- | C] () -- C:\ProgramData\msinfo.nfo

[2009/09/15 23:02:10 | 00,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/09/15 23:02:10 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/08/29 19:49:43 | 00,007,602 | ---- | C] () -- C:\Users\boxes\AppData\Local\Resmon.ResmonCfg

[2009/08/20 22:53:51 | 00,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2009/08/20 22:53:51 | 00,000,088 | RHS- | C] () -- C:\ProgramData\CFFD30D0F9.sys

[2009/08/20 02:43:20 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2009/08/19 04:59:12 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/08/19 03:03:58 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/08/19 03:03:58 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/19 02:03:38 | 00,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/08/17 14:49:35 | 00,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI

[2009/08/17 14:13:36 | 00,001,041 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/08/17 14:13:23 | 00,000,034 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.log

[2009/08/17 14:13:00 | 00,007,859 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/08/17 14:13:00 | 00,001,167 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/08/17 13:53:39 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/08/17 11:51:41 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2009/08/17 11:51:41 | 00,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2009/08/17 11:51:38 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2009/08/17 11:51:38 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2009/08/17 11:44:28 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/06/04 00:37:08 | 00,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/04 00:37:06 | 00,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009/06/03 23:55:20 | 00,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2009/05/27 08:49:00 | 00,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2009/05/26 17:38:12 | 00,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys

[2008/12/01 17:32:32 | 00,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2006/03/18 07:16:04 | 00,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2002/10/06 12:42:57 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll

[2002/10/04 17:04:25 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll

[2002/10/04 17:04:24 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll

[2002/10/04 17:04:17 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DD4DD9B9

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Link to post
Share on other sites

Please open up Notepad and copy all of the items in the code box below.

Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fumuy"=-
"meelau"=-

Now double-click fixthis.reg.

A window will come up asking if you want to let it merge with the registry.

Click yes.

Reboot for the changes to take place and post one mpre OTL log same instructions as before.

Link to post
Share on other sites

OTL log info:

OTL logfile created on: 12/29/2009 9:56:43 AM - Run 3

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\boxes\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 69.24 Gb Total Space | 3.48 Gb Free Space | 5.02% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 279.46 Gb Total Space | 254.76 Gb Free Space | 91.16% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 465.75 Gb Total Space | 251.89 Gb Free Space | 54.08% Space Free | Partition Type: NTFS

Drive P: | 279.46 Gb Total Space | 80.45 Gb Free Space | 28.79% Space Free | Partition Type: NTFS

Computer Name: VINCENTVEGA

Current User Name: boxes

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

========== Modules (SafeList) ==========

MOD - C:\Users\boxes\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()

MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)

SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)

SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)

SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)

SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)

SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)

SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)

SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (VSS) -- C:\Windows\Vss [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 21:20:14 | 00,000,000 | ---D | M]

SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)

SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)

DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)

DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)

DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)

DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)

DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)

DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)

DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)

DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)

DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)

DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)

DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)

DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)

DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)

DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)

DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)

DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)

DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)

DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)

DRV:64bit: - (WinUSB) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)

DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)

DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)

DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)

DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)

DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)

DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)

DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)

DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)

DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (CSC) -- C:\Windows\CSC [2009/08/17 11:42:57 | 00,000,000 | ---D | M]

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)

DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()

DRV - (tcpipBM) -- C:\Windows\SysWOW64\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 5E 64 41 6B 85 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.cnn.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 41

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 10:28:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/23 19:59:20 | 00,000,000 | ---D | M]

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions

[2009/08/17 12:06:10 | 00,000,000 | ---D | M] (No name found) -- C:\Users\boxes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/12/28 21:57:59 | 00,000,000 | ---D | M] -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions

[2009/08/17 12:08:43 | 00,000,000 | ---D | M] (Qute) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

[2009/12/19 15:42:56 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/08/24 19:13:19 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/12/14 12:33:09 | 00,001,626 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\Mozilla\Firefox\Profiles\i68w4g09.default\searchplugins\mozilla-add-ons.xml

[2009/12/28 21:57:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/12/17 10:28:02 | 00,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/17 12:47:59 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/01 11:25:20 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2009/12/17 10:28:01 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/17 10:28:01 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

[2009/12/23 19:59:20 | 00,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll

[2009/12/17 10:28:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2009/12/16 17:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

[2009/08/07 11:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll

[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (370747 bytes) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123haustiereundmehr.com

O1 - Hosts: 12777 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe (CarMD.com Corp)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WISE-FTP Task Planner] C:\Program Files (x86)\AceBIT\WISE-FTP 5\wf_tp.exe (AceBIT GmbH)

O4 - Startup: C:\Users\boxes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/27 20:46:58 | 00,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 12:33:40 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/28 02:31:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/27 20:52:25 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\SUPERAntiSpyware.com

[2009/12/27 20:52:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware

[2009/12/27 20:46:41 | 00,000,000 | ---D | C] -- C:\Autoruns

[2009/12/27 20:19:30 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/12/27 20:02:58 | 02,180,072 | ---- | C] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:38:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis

[2009/12/27 15:25:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CarMD

[2009/12/27 14:28:02 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\CarMD.com_Corp

[2009/12/26 20:41:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Malwarebytes

[2009/12/26 20:41:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/26 20:41:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/12/26 20:40:59 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/12/26 20:40:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2009/12/26 17:02:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2009/12/23 19:59:20 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\E-centives

[2009/12/16 22:00:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect

[2009/12/16 17:53:06 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/12/16 14:56:06 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll

[2009/12/16 14:56:06 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll

[2009/12/15 06:26:04 | 00,000,000 | ---D | C] -- C:\Users\boxes\Documents\Kerry

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Roaming\Thinstall

[2009/12/12 15:06:43 | 00,000,000 | ---D | C] -- C:\Users\boxes\AppData\Local\Thinstall

[2009/12/08 14:31:10 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2009/12/08 14:31:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2009/12/07 22:29:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2009/12/07 22:27:48 | 03,485,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p4.dll

[2009/12/07 22:27:48 | 02,793,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_p3.dll

[2009/12/07 22:27:48 | 02,441,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_def.dll

[2009/12/07 22:27:48 | 02,174,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack32.dll

[2009/12/07 22:27:48 | 02,125,824 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_lapack64.dll

[2009/12/07 22:27:48 | 00,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2009/12/07 22:27:48 | 00,839,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p4.dll

[2009/12/07 22:27:48 | 00,532,480 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_p3.dll

[2009/12/07 22:27:48 | 00,512,000 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mkl_vml_def.dll

[2009/12/07 22:27:48 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libguide40.dll

[2009/12/07 22:27:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2009/12/07 22:27:33 | 00,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/01 11:25:20 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2009/12/01 11:25:20 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2009/11/30 18:02:40 | 00,171,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

[2009/08/17 14:13:00 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/06/03 23:57:38 | 00,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2009/12/29 09:57:29 | 00,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2009/12/29 09:57:29 | 00,619,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2009/12/29 09:57:29 | 00,104,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2009/12/29 09:52:30 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2009/12/29 09:52:24 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/29 09:52:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/12/29 09:52:13 | 52,987,9039 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/29 09:51:11 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/29 09:51:11 | 00,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/29 09:51:11 | 00,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00211102}.rfx

[2009/12/29 09:51:07 | 00,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2009/12/29 09:51:01 | 08,650,752 | ---- | M] () -- C:\Users\boxes\ntuser.dat

[2009/12/29 09:49:55 | 01,007,894 | -H-- | M] () -- C:\Users\boxes\AppData\Local\IconCache.db

[2009/12/29 09:04:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2009/12/29 01:50:24 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/29 01:50:24 | 00,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/28 02:31:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\boxes\Desktop\OTL.exe

[2009/12/27 20:52:19 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | M] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 20:03:04 | 02,180,072 | ---- | M] (Trend Micro) -- C:\Users\boxes\Desktop\HousecallLauncher64.exe

[2009/12/27 19:39:00 | 00,000,967 | ---- | M] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/26 21:52:06 | 00,000,032 | ---- | M] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 20:41:04 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 06:40:48 | 00,042,011 | ---- | M] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:26 | 00,043,744 | ---- | M] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/25 21:52:02 | 00,001,041 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/12/24 04:19:00 | 00,370,747 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2009/12/23 21:51:52 | 01,357,328 | ---- | M] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:02 | 00,119,916 | ---- | M] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | M] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | M] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/12/17 19:17:45 | 00,954,368 | ---- | M] () -- C:\Users\boxes\Documents\Boxes Movies Collection.xls

[2009/12/16 14:56:12 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\boxes\AppData\Roaming\pcouffin.sys

[2009/12/16 14:56:12 | 00,007,859 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/12/16 14:56:12 | 00,001,167 | ---- | M] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/12/15 22:15:21 | 00,026,624 | ---- | M] () -- C:\Users\boxes\Documents\Boxes TV Shows Collection.xls

[2009/12/12 17:45:32 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2009/12/07 22:27:33 | 00,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2009/12/07 22:27:33 | 00,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2009/12/07 22:27:33 | 00,122,968 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2009/12/07 22:27:33 | 00,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2009/11/30 18:02:40 | 00,171,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstall.dll

[2009/11/30 18:02:38 | 00,072,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe

========== Files Created - No Company Name ==========

[2009/12/27 20:52:19 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/12/27 20:03:33 | 00,000,036 | ---- | C] () -- C:\Users\boxes\AppData\Local\housecall.guid.cache

[2009/12/27 19:39:00 | 00,000,967 | ---- | C] () -- C:\Users\boxes\Desktop\Hijackthis.lnk

[2009/12/26 21:52:05 | 00,000,032 | ---- | C] () -- C:\Users\boxes\defogger_reenable

[2009/12/26 20:41:04 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2009/12/26 06:40:48 | 00,042,011 | ---- | C] () -- C:\Users\boxes\Desktop\3813.jpg

[2009/12/26 06:29:24 | 00,043,744 | ---- | C] () -- C:\Users\boxes\Desktop\4139.jpg

[2009/12/23 21:51:51 | 01,357,328 | ---- | C] () -- C:\Users\boxes\Desktop\bump.gif

[2009/12/21 16:57:01 | 00,119,916 | ---- | C] () -- C:\Users\boxes\Desktop\festivus-card.gif

[2009/12/20 09:52:12 | 00,015,058 | ---- | C] () -- C:\Users\boxes\Desktop\tinkywinky.gif

[2009/12/17 23:31:26 | 00,028,097 | ---- | C] () -- C:\Users\boxes\Desktop\kid_is_jabba_the_hut1_400x332.jpg

[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/11/06 01:43:38 | 00,000,432 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/22 10:00:02 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2009/10/21 23:13:55 | 00,000,333 | ---- | C] () -- C:\Windows\game.ini

[2009/10/14 16:59:14 | 01,833,620 | ---- | C] () -- C:\ProgramData\msinfo.nfo

[2009/09/15 23:02:10 | 00,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/09/15 23:02:10 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/08/29 19:49:43 | 00,007,602 | ---- | C] () -- C:\Users\boxes\AppData\Local\Resmon.ResmonCfg

[2009/08/20 22:53:51 | 00,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2009/08/20 22:53:51 | 00,000,088 | RHS- | C] () -- C:\ProgramData\CFFD30D0F9.sys

[2009/08/20 02:43:20 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2009/08/19 04:59:12 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/08/19 03:03:58 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/08/19 03:03:58 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/19 02:03:38 | 00,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/08/17 14:49:35 | 00,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI

[2009/08/17 14:13:36 | 00,001,041 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\vso_ts_preview.xml

[2009/08/17 14:13:23 | 00,000,034 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.log

[2009/08/17 14:13:00 | 00,007,859 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.cat

[2009/08/17 14:13:00 | 00,001,167 | ---- | C] () -- C:\Users\boxes\AppData\Roaming\pcouffin.inf

[2009/08/17 13:53:39 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/08/17 11:51:41 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2009/08/17 11:51:41 | 00,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2009/08/17 11:51:38 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2009/08/17 11:51:38 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2009/08/17 11:44:28 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/06/04 00:37:08 | 00,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/04 00:37:06 | 00,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009/06/03 23:55:20 | 00,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2009/05/27 08:49:00 | 00,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2009/05/26 17:38:12 | 00,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys

[2008/12/01 17:32:32 | 00,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2006/03/18 07:16:04 | 00,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2002/10/06 12:42:57 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll

[2002/10/04 17:04:25 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll

[2002/10/04 17:04:24 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll

[2002/10/04 17:04:17 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DD4DD9B9

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Link to post
Share on other sites

======Cleanup======

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that your all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

Link to post
Share on other sites

Thanks again. I work on computers for a living, but have never encountered something this malicious. SBS&D, MBAM and whatever AV usually handles any problems I encounter. Is there a tutorial that I can learn how to use the techniques you used in assisting me? I have used HiJackThis before, but had not used OTL.

Link to post
Share on other sites

Yes I went through my training some time ago here:

http://www.geekstogo.com/forum/Would-you-l...ware-t4817.html

You can go through the training program there to learn about those items.

==============

You are welcome ;)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :lol:

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.