help me please

cyberbemon · June 19, 2010

hey guys i've been having a strange problem with my laptop.Recently i decided to do my weekly computer scan.I used malwarebytes and found a keylogger cerebreus.exe and 2 other infected files, malware bytes successfully removed it..but now i get messages from my antivirus (eset smart security 4.0) that it has blocked few infilitration attempts and quarentined few trojans

 1324 update.exe	Win32/Spatet.C trojan

and when i looked at more inforamtion i got this

Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe.

there is also one from hostyourvirus.net the name of the virus is a long random number followed by .exe..i scaned last night with malwarebytes but it didn't find anything..but eset has blocked 3 infilitration attempts..i also used threat fire to scan for infilitration but it said there is nothing wrong..can anyone please help me..i have the hijackthis log..shud i post it now?

here is the screenshot from eset smart security log..

Uploaded with ImageShack.us

SweetTech · June 19, 2010

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Custom Scan

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\user32.dll /md5

%systemroot%\system32\ws2_32.dll /md5

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /180

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

NEXT:

Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in safe mode.

-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

NEXT:

Please make sure you include the following items in your next post:

1.

Any comments or questions you may have that you'd like for me to answer in my next post to you.

2.

The logs that were produced after running the OTL scans.

(OTL.txt & Extras.txt)

3.

The log that was produced after running GMER

4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

cyberbemon · June 19, 2010

thank you sooo much for your reply..i'll do these ASAP and post them immediately

cyberbemon · June 20, 2010

Here is the OTL log Part 1

OTL logfile created on: 20/06/2010 01:21:40 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.88 Gb Total Space | 94.22 Gb Free Space | 40.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CYBERBEMON-PC

Current User Name: CYBERBEMON

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft

cyberbemon · June 20, 2010

Here is the OTL log Part 1

OTL logfile created on: 20/06/2010 01:21:40 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.88 Gb Total Space | 94.22 Gb Free Space | 40.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CYBERBEMON-PC

Current User Name: CYBERBEMON

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft

cyberbemon · June 20, 2010

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)

PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)

PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\JustVoip.com\JustVoip\JustVoip.exe (JustVoip)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\KatMouse\KatMouse.exe ()

PRC - C:\Downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()

SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)

SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)

SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)

SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)

SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)

SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)

SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)

SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)

SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)

SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)

SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)

SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll ()

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)

SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)

SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]

SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)

SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)

DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)

DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)

DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)

DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)

DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)

DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)

DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)

DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)

DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)

DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)

DRV:64bit: - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)

DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)

DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)

DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)

DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)

DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)

DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)

DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)

DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)

DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)

DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)

DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)

DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)

DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)

DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)

DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)

DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)

DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)

DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)

DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)

DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)

DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)

DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)

DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)

DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)

DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)

DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)

DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)

DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)

DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)

DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)

DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)

DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)

DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (dmodusb) -- C:\Windows\SysNative\drivers\dmodusb.sys (Windows ® Codename Longhorn DDK provider)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (SaiH0004) -- C:\Windows\SysNative\drivers\SaiH0004.sys (Saitek)

DRV:64bit: - (SaiU0004) -- C:\Windows\SysNative\drivers\SaiU0004.sys (Saitek)

DRV:64bit: - (SaiL0004) -- C:\Windows\SysNative\drivers\SaiL0004.sys (Saitek)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (CSC) -- C:\Windows\CSC [2010/01/30 17:19:57 | 000,000,000 | ---D | M]

DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)

DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 A1 F0 33 97 FD CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Amazon.co.uk"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..extensions.enabledItems: {3eba6510-7445-11db-9fe1-0800200c9a66}:0.1-public_beta-3

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 07:57:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 00:43:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/30 21:08:49 | 000,000,000 | ---D | M]

[2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions

[2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/06/19 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions

[2010/03/28 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{3eba6510-7445-11db-9fe1-0800200c9a66}

[2010/05/07 18:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/05/16 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\battlefieldheroespatcher@ea.com

[2010/05/07 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\firebug@software.joehewitt.com

[2010/05/07 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\personas@christopher.beard

[2010/01/31 01:29:43 | 000,002,163 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\searchplugins\bing.xml

[2010/02/21 22:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)

O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [PlayNC Launcher] File not found

O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe ()

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\Run: [update] C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft

cyberbemon · June 20, 2010

O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)

O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe ()

O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sysinfo = C:\Windows\system32\Cerberus\server.exe File not found

O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()

O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()

O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()

O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/22 13:12:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{cc065376-0dbb-11df-9f6f-00269e1a92cd}\Shell - "" = AutoRun

O33 - MountPoints2\{cc065376-0dbb-11df-9f6f-00269e1a92cd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 000,000,000 | ---D | M]

NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)

NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)

NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)

NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/19 23:22:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe

[2010/06/19 01:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/06/19 01:19:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys

[2010/06/19 01:19:32 | 000,059,880 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys

[2010/06/19 01:19:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys

[2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire

[2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/06/17 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Local\Electronic Arts

[2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\Electronic Arts

[2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2010/06/17 16:49:39 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\3ds max

[2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Roaming\Raptr

[2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr

[2010/06/13 23:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mektek.net

[2010/06/11 22:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2010/06/10 12:13:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll

[2010/06/10 12:13:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll

[2010/06/10 12:12:35 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll

[2010/06/10 12:12:34 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010/06/10 12:12:34 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll

[2010/06/10 12:12:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll

[2010/06/10 12:12:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll

[2010/06/10 12:12:29 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010/06/10 12:12:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2010/06/10 12:12:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2010/06/10 12:12:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll

[2010/06/10 12:12:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll

[2010/06/10 12:12:21 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/06/10 12:12:21 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/06/10 12:12:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/06/10 12:12:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/06/08 18:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies

[2010/05/30 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire

[2010/05/29 23:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAM Def XT

[2010/05/28 23:40:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\3dsMax

[2010/05/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5

[2010/05/26 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\guitar pro

[2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/05/23 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock

[2010/05/23 13:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Games

[2010/05/22 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Local\Autodesk

[2010/05/22 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared

[2010/05/22 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk

[2010/05/22 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\Inventor

[2010/05/22 13:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2010/05/22 13:37:32 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2010/05/22 13:37:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2010/05/22 13:37:32 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2010/05/22 13:37:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2010/05/22 13:37:29 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2010/05/22 13:37:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2010/05/22 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Roaming\Autodesk

[2010/05/22 13:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk

[2010/05/22 13:12:44 | 000,000,000 | ---D | C] -- C:\Autodesk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/20 01:28:42 | 003,670,016 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT

[2010/06/20 00:30:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000UA.job

[2010/06/19 23:22:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe

[2010/06/19 20:30:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000Core.job

[2010/06/19 12:28:18 | 000,312,241 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg

[2010/06/19 12:14:25 | 000,293,376 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\zqfewkl5.exe

[2010/06/19 01:25:26 | 000,002,097 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk

[2010/06/18 19:22:26 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 19:22:26 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 19:14:59 | 000,000,378 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat

[2010/06/18 19:14:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/18 19:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/18 19:14:34 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/17 16:36:08 | 000,809,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/06/17 16:36:08 | 000,689,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/06/17 16:36:08 | 000,134,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/06/16 12:22:32 | 000,005,120 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/16 10:36:10 | 000,001,373 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk

[2010/06/13 14:58:35 | 001,426,302 | -H-- | M] () -- C:\Users\CYBERBEMON\AppData\Local\IconCache.db

[2010/06/11 03:17:24 | 002,899,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 20:05:53 | 000,065,536 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf

[2010/06/08 18:25:28 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/05/29 00:45:45 | 000,000,946 | ---- | M] () -- C:\Users\CYBERBEMON\Documents\67.rtf

[2010/05/27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/05/27 07:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/05/27 05:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/05/27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/05/26 21:33:01 | 000,000,936 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk

[2010/05/26 21:12:56 | 000,065,776 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/05/21 06:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010/05/21 06:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll

[2010/05/21 06:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010/05/21 06:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 12:28:18 | 000,312,241 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg

[2010/06/19 12:14:18 | 000,293,376 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\zqfewkl5.exe

[2010/06/19 01:25:26 | 000,002,097 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk

[2010/06/17 16:32:40 | 000,024,064 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\XLKT.doc

[2010/06/16 10:36:10 | 000,001,373 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk

[2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 18:27:57 | 000,065,536 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf

[2010/06/08 18:27:05 | 000,000,378 | ---- | C] () -- C:\Windows\SysNative\Pen_Tablet.dat

[2010/05/27 18:21:10 | 000,000,946 | ---- | C] () -- C:\Users\CYBERBEMON\Documents\67.rtf

[2010/05/26 21:33:01 | 000,000,936 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/26 10:56:06 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\sysogg.dll

[2010/03/26 10:47:52 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010/02/01 23:17:12 | 000,815,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/05/28 23:40:38 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Autodesk

[2010/04/04 22:19:12 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Azureus

[2010/06/16 10:04:45 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\BatteryBar

[2010/03/11 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Cisco

[2010/03/02 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\com.adobe.ExMan

[2010/02/01 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\DAEMON Tools Lite

[2010/03/03 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Digilent

[2010/03/23 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Echo Software

[2010/01/30 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\ESET

[2010/05/04 17:41:19 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Facebook

[2010/06/20 01:31:08 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Free Download Manager

[2010/03/25 01:44:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\GetRightToGo

[2010/02/06 13:24:57 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\HDI

[2010/05/27 21:40:18 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\JustVoip

[2010/04/26 23:21:30 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mael

[2010/02/03 13:55:57 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Notepad++

[2010/03/16 14:18:21 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\OpenOffice.org

[2010/06/18 19:17:24 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Raptr

[2010/05/22 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Stardock

[2010/03/12 23:42:13 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\SystemRequirementsLab

[2010/02/17 01:37:06 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\TeamViewer

[2010/04/25 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Total Immersion

[2010/02/04 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Unity

[2010/04/28 00:51:59 | 000,000,000 | RHSD | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Update

[2010/06/14 09:26:53 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\uTorrent

[2010/03/29 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\WTouch

[2010/02/24 13:13:19 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Xilinx

[2009/07/14 06:08:49 | 000,021,198 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >

[2010/04/29 13:23:41 | 000,001,024 | ---- | M] () -- C:\.rnd

[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2010/01/31 01:18:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2010/06/18 19:14:34 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 09:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 09:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 09:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 09:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 09:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 09:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 09:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2010/06/18 19:14:36 | 3218,956,288 | -HS- | M] () -- C:\pagefile.sys

[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 09:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 09:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\user32.dll /md5 >

[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >

[2009/08/29 07:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /180 >

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >

cyberbemon · June 20, 2010

EXTRA.TXT

OTL Extras logfile created on: 20/06/2010 01:21:40 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.88 Gb Total Space | 94.22 Gb Free Space | 40.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CYBERBEMON-PC

Current User Name: CYBERBEMON

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{39BFB02A-9692-0409-A808-3F5C7B1F8953}" = Autodesk 3ds Max 2011 64-bit

"{49C955A9-8676-41DC-ABA4-ECD4B751FE0B}" = Adept Runtime

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7563F495-80F5-0409-A514-747C66C22449}" = Autodesk 3ds Max 2011 64-bit Components

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{89C4C60E-490D-43D1-A4EE-92877306DEC3}" = LEGO MINDSTORMS NXT Driver for x64

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager

"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security

"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)

"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64

"{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit

"BatteryBar" = BatteryBar (remove only)

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver

"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"UDK-622e5e71-acf6-4327-83af-f9bec35ac9e3" = Unreal Development Kit: 2009-11

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista

"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant

"{12E30EA5-B321-4AB5-AFC7-6DF280464033}" = Adept

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0

"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup

"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)

"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO

cyberbemon · June 20, 2010

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common

"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space

cyberbemon · June 20, 2010

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2

"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{58B45D92-BD94-49b5-9ED1-5345E2DB5576}" = Microsoft Robotics Developer Studio 2008 R2 Express Edition

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX

"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX

"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish

"{701A9A13-7006-483e-802F-DBBEE551A233}" = Microsoft Robotics Developer Studio 2008 R2

"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79EFF529-C306-41DC-81D9-17F181DF287A}" = DoISO

"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French

"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime

"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English

"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9666C26B-FC71-4F84-B5B7-80DDFE5FAA57}" = LEGO MINDSTORMS Edu NXT - English Language Pack

"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson

"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish

"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin

"{A174D18A-766D-4581-B683-A1D8A5349123}" = LEGO MINDSTORMS Edu NXT Software v2.0

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech

"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player

"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish

"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek

"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian

"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C8A3F8A5-6F86-4c52-AD3C-4A5E68D518E8}" = Microsoft CCR and DSS Runtime 2008 R2

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library

"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4

"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All

"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU

"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)

"{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO

cyberbemon · June 20, 2010

"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E9AF380B-40FA-4D83-A5C7-A80D9BB8E566}" = LEGO MINDSTORMS NXT Edu Migration Package

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard

"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire

"8461-7759-5462-8226" = Vuze

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Akamai" = Akamai NetSession Interface

"CamStudio" = CamStudio

"CCleaner" = CCleaner

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In

"Digsby" = Digsby

"DivX Setup.divx.com" = DivX Setup

"Free Download Manager_is1" = Free Download Manager 3.0

"Game Booster_is1" = Game Booster

"GameSpy Arcade" = GameSpy Arcade

"Guitar Pro 5_is1" = Guitar Pro 5.2

"HijackThis" = HijackThis 2.0.2

"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0

"Impulse" = Impulse

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"JustVoip_is1" = JustVoip

"KatMouse" = KatMouse (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MP3 Converter Simple" = MP3 Converter Simple

"Notepad++" = Notepad++

"Pen Tablet Driver" = Pen Tablet

"PunkBusterSvc" = PunkBuster Services

"Raptr" = Raptr

"Steam App 13140" = America's Army 3

"Steam App 400" = Portal

"Steam App 440" = Team Fortress 2

"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena

"TeamViewer 5" = TeamViewer 5

"Unreal Tournament III" = Unreal Tournament III

"uTorrent" =

cyberbemon · June 20, 2010

"VLC media player" = VLC media player 1.0.5

"VMware_Player" = VMware Player

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Warcraft III" = Warcraft III

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"Xilinx ISE 10.1" = Xilinx ISE 10.1

"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"NCsoft-Exteel" = Exteel (US)

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 16/06/2010 07:59:57 | Computer Name = CYBERBEMON-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 19/06/2010 18:35:59 | Computer Name = CYBERBEMON-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.6.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 173c Start Time:

01cb0ffdf1dcff46 Termination Time: 29 Application Path: C:\Downloads\Software\OTL.exe

Report

Id:

Error - 19/06/2010 18:45:17 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 19/06/2010 18:45:25 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1021

Description =

Error - 19/06/2010 18:45:25 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 19/06/2010 18:46:12 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1021

Description =

Error - 19/06/2010 18:46:13 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 19/06/2010 18:46:15 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1021

Description =

Error - 19/06/2010 18:46:15 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 19/06/2010 20:18:53 | Computer Name = CYBERBEMON-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.6.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1d84 Start Time:

01cb100d5c208e8e Termination Time: 9 Application Path: C:\Users\CYBERBEMON\Desktop\OTL.exe

Report

Id:

[ System Events ]

Error - 18/06/2010 20:21:14 | Computer Name = CYBERBEMON-PC | Source = Service Control Manager | ID = 7030

Description = The ThreatFire service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 19/06/2010 03:50:23 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

Error - 19/06/2010 11:42:12 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

Error - 19/06/2010 12:45:12 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

Error - 19/06/2010 15:54:50 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

Error - 19/06/2010 16:32:18 | Computer Name = CYBERBEMON-PC | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{540B7E8A-EE82-4A31-9993-54BA5A3519B0}

because another computer on the network has the same name. The server could not

start.

Error - 19/06/2010 16:32:18 | Computer Name = CYBERBEMON-PC | Source = NetBT | ID = 4321

Description = The name "CYBERBEMON-PC :20" could not be registered on the interface

with IP address 192.168.1.10. The computer with the IP address 169.254.215.155 did

not allow the name to be claimed by this computer.

Error - 19/06/2010 16:32:18 | Computer Name = CYBERBEMON-PC | Source = NetBT | ID = 4321

Description = The name "CYBERBEMON-PC :0" could not be registered on the interface

with IP address 192.168.1.10. The computer with the IP address 169.254.215.155 did

not allow the name to be claimed by this computer.

Error - 19/06/2010 19:32:24 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

Error - 19/06/2010 20:32:26 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004

Description =

< End of report >

cyberbemon · June 20, 2010

i did not get any log from GMR..when i opened it it said

c:\windows\system32\config\system the system cannot find the file specified

and when i clicked the scan button i got this message

c:\windows\system32\config\system  the process cannot access the file because its been used by another process

however it completed the scan and said no chages to the system detected and there was no log.

my pc at the moment is going fine i haven't got any warnings or error messages..like infilitration blocked or trojan detected etc etc.

cyberbemon · June 20, 2010

i was looking at the malwarebytes quaratine files..and found that all the previous infections were backdoor bot and info stealer ones..and i'm now experiencing slow internet..i'm on a 10mb broadband and its taking ages to load websites.

SweetTech · June 20, 2010

Hello,

If MBAM detected backdoor trojans then you should be made aware of the fact that:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a

clean

computer, change all passwords where applicable.

It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:

1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

2. When should I re-format? How should I reinstall?

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the

textbox. Do not include the word "Code"

:Services
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sysinfo = C:\Windows\system32\Cerberus\server.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{cc065376-0dbb-11df-9f6f-00269e1a92cd}\Shell - "" = AutoRun
O33 - MountPoints2\{cc065376-0dbb-11df-9f6f-00269e1a92cd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2010/06/19 12:14:25 | 000,293,376 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\zqfewkl5.exe

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, adware, dialers, and other riskware
- Archives
- E-mail databases
[*]Click on My Computer under the green Scan bar to the left to start the scan.
[*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
[*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
[*]Click View report... at the bottom.
[*] Click the Save report... button.
[*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following bolded text into the textbox.

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\user32.dll /md5

%systemroot%\system32\ws2_32.dll /md5

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /180

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Push
A report will open. Copy and Paste that report in your next reply.

NEXT:

Please make sure you include the following items in your next post:

1.

Any comments or questions you may have that you'd like for me to answer in my next post to you.

2.

The log that was produced after running the OTL fix.

3.

The log that was produced after running the MalwareBytes' Anti-Malware scan.

4.

The log that was produced after running the Kaspersky Online Virus Scanner.

5.

The log that was produced after running the OTL scan.

6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,

SweetTech.

cyberbemon · June 20, 2010

1. hai i have one question..what should i do about the files quarentined by MBM should i permanently delete them or shud i just leave them there..i haven't used my computer for any online banking but i found a log when i went to the infected folder and noticed the log contained one of my passwords..after running MBM and removing it..i did another scan using MBM and eset both of them gave me no warnings.so i changed my password. i'll post the OTL fix and MBM logs now because the kasperasky is taking too long to download it.

OTL FIX LOG

All processes killed
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010/06/19 12:14:25 | 000,293,376 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\zqfewkl5.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CYBERBEMON
->Temp folder emptied: 2859810 bytes
->Temporary Internet Files folder emptied: 5446466 bytes
->Java cache emptied: 11261791 bytes
->FireFox cache emptied: 48974484 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 48011 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104808 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb


[EMPTYFLASH]

User: All Users

User: CYBERBEMON
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06202010_201341

OTL by OldTimer - Version 3.2.6.0 log created on 06202010_201336

Files\Folders moved on Reboot...
C:\Users\CYBERBEMON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cyberbemon · June 20, 2010

MBM SCAN LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/06/2010 20:28:05
mbam-log-2010-06-20 (20-28-05).txt

Scan type: Quick scan
Objects scanned: 124040
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SweetTech · June 21, 2010

I would leave the files in quarantined alone for right now.

cyberbemon · June 21, 2010

hai here is the kaspersky log..the file it identified as infected came with my audio driver provided by HP..i don't know if its a false warning.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Monday, June 21, 2010
 Operating system: Microsoft  (build 7600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Sunday, June 20, 2010 19:36:30
 Records in database: 4303501
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\

Scan statistics:
	Objects scanned: 375855
	Threats found: 1
	Infected objects found: 1
	Suspicious objects found: 0
	Scan duration: 11:07:58


File name / Threat / Threats count
C:\swsetup\SP44989\WDM\Vista\idtmini1.exe	Infected: Worm.Win32.Qvod.aer	1

Selected area has been scanned.

cyberbemon · June 21, 2010

OTL LOG

OTL logfile created on: 21/06/2010 10:11:48 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

6.00 Gb Paging File | 3.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.88 Gb Total Space | 93.47 Gb Free Space | 40.14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CYBERBEMON-PC

Current User Name: CYBERBEMON

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\CYBERBEMON\AppData\Local\Temp\jkos-CYBERBEMON\binaries\ScanningProcess.exe (Kaspersky Lab.)

PRC - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft

cyberbemon · June 21, 2010

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\JustVoip.com\JustVoip\JustVoip.exe (JustVoip)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:[b]64bit:[/b] - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:[b]64bit:[/b] - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV:[b]64bit:[/b] - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV:[b]64bit:[/b] - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

cyberbemon · June 21, 2010

SRV:[b]64bit:[/b] - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:[b]64bit:[/b] - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:[b]64bit:[/b] - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:[b]64bit:[/b] - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)

cyberbemon · June 21, 2010

SRV:[b]64bit:[/b] - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV:[b]64bit:[/b] - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)

cyberbemon · June 21, 2010

DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)

DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)

DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)

DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)

DRV:[b]64bit:[/b] - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)

DRV:[b]64bit:[/b] - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)

DRV:[b]64bit:[/b] - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)

DRV:[b]64bit:[/b] - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)

DRV:[b]64bit:[/b] - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)

DRV:[b]64bit:[/b] - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)

DRV:[b]64bit:[/b] - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)

DRV:[b]64bit:[/b] - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)

DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:[b]64bit:[/b] - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)

DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)

DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:[b]64bit:[/b] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)

DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)

DRV:[b]64bit:[/b] - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)

DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:[b]64bit:[/b] - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)

DRV:[b]64bit:[/b] - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)

DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:[b]64bit:[/b] - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:[b]64bit:[/b] - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:[b]64bit:[/b] - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)

DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:[b]64bit:[/b] - (dmodusb) -- C:\Windows\SysNative\drivers\dmodusb.sys (Windows (R) Codename Longhorn DDK provider)

DRV:[b]64bit:[/b] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:[b]64bit:[/b] - (SaiH0004) -- C:\Windows\SysNative\drivers\SaiH0004.sys (Saitek)

DRV:[b]64bit:[/b] - (SaiU0004) -- C:\Windows\SysNative\drivers\SaiU0004.sys (Saitek)

DRV:[b]64bit:[/b] - (SaiL0004) -- C:\Windows\SysNative\drivers\SaiL0004.sys (Saitek)

DRV:[b]64bit:[/b] - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (CSC) -- C:\Windows\CSC [2010/01/30 17:19:57 | 000,000,000 | ---D | M]

DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)

DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 A1 F0 33 97 FD CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Amazon.co.uk"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..extensions.enabledItems: {3eba6510-7445-11db-9fe1-0800200c9a66}:0.1-public_beta-3

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 07:57:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 00:43:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/30 21:08:49 | 000,000,000 | ---D | M]

[2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions

[2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/06/20 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions