backdoor.bot and trojan.agent on SVCHOST windows 7 64bit after removing Desktop Security 2010

[crsnt]

Hi Expert,

unfortunately I got that nasty Desktop Security 2010 today on my win 7 64bit machine. I mostly deleted all malwares using the quick scan but there are 2 existing ones that won't go away:

Malware Quick Scan (it says these but they still exist everytime i did it)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4301

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/07/2010 4:18:49 PM

mbam-log-2010-07-11 (16-18-49).txt

Scan type: Quick scan

Objects scanned: 136458

Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS file:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Andreas at 16:29:26.64 on Sun 11/07/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16

Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.6142.4013 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

C:\Windows\system32\Pen_Tablet.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\Program Files (x86)\VMWare\VMWare Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\system32\Pen_Tablet.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

D:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\en\StudioVisual.exe

C:\Program Files (x86)\Nokia\Ovi Player\hi-IN\Resourcesresources2.1.10304.00.exe

C:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe

C:\Program Files (x86)\Microsoft.NET\SDK\CompactFramework\v2.0\WindowsCE\DesignerMetadata\ja\asmmetaDataGrid.exe

C:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe

C:\Users\Andreas\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

D:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\explorer.exe

C:\Users\Andreas\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files (x86)\sophos\sophos anti-virus\SophosBHO.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\users\andreas\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "d:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [<NO NAME>]

uRun: [NokiaOviSuite2] c:\program files (x86)\nokia\nokia ovi suite\NokiaOviSuite.exe -tray

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [blackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [Z-5 Speakers] c:\program files (x86)\logitech\z-5 speakers\Z-5 Speakers.exe

mRun: [NokiaMServer] c:\program files (x86)\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files (x86)\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "d:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [studioVSContentInstaller] c:\program files (x86)\common files\microsoft shared\msenv\en\studiovisual.exe

mRun: [NokiaResources] c:\program files (x86)\nokia\ovi player\hi-in\resourcesresources2.1.10304.00.exe

mRun: [RecursosQuickTimeRecursosQuickTime] c:\program files (x86)\quicktime\quicktimeplayer.resources\pt.lproj\recursosquicktimequicktime.exe

mRun: [smartphoneWindowsCE2.0] c:\program files (x86)\microsoft.net\sdk\compactframework\v2.0\windowsce\designermetadata\ja\asmmetadatagrid.exe

mRun: [QuickTimeRecursosQuickTime] c:\program files (x86)\quicktime\quicktimeplayer.resources\pt.lproj\recursosquicktimequicktime.exe

mRun: [VisualStudio] c:\program files (x86)\common files\microsoft shared\msenv\en\StudioVisual.exe

mRun: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe

mRunServices: [WMIScriptUtilsMicrosoft] c:\program files (x86)\common files\microsoft shared\wmi\microsoftstudio.exe

mRunServices: [netcflaunchFramework] c:\program files (x86)\microsoft.net\sdk\compactframework\v2.0\windowsce\wce400\armv4\frameworknetcflaunch.exe

mRunServices: [QuickTimeRecursosQuickTime] c:\program files (x86)\quicktime\quicktimeplayer.resources\pt.lproj\recursosquicktimequicktime.exe

mRunServices: [VSContentInstallerMicrosoft] c:\program files (x86)\common files\microsoft shared\msenv\en\StudioVisual.exe

mRunServices: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe

StartupFolder: c:\users\andreas\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - d:\program files (x86)\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files (x86)\sophos\autoupdate\ALMon.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL

LSP: d:\program files (x86)\vmware\vmware workstation\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~2\sophos\sophos~1\SOPHOS~1.DLL

BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\program files (x86)\sophos\sophos anti-virus\SophosBHOX64.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

mRun-x64: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

AppInit_DLLs-X64: c:\progra~2\sophos\sophos~1\SOEF1C~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andreas\appdata\roaming\mozilla\firefox\profiles\r22a18w5.default\

FF - prefs.js: browser.startup.homepage - www.google.com.au

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\program files (x86)\win7codecs\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files (x86)\win7codecs\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\andreas\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files (x86)\itunes\mozilla plugins\npitunes.dll

FF - plugin: d:\program files\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-6-3 111608]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 27136]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files (x86)\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files (x86)\sophos\autoupdate\ALsvc.exe [2010-5-27 172032]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-10-6 1909032]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 118272]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-8-28 51240]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-10-27 239616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-9-10 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-9-18 1038088]

S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]

S3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2009-12-30 12288]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2009-12-30 173056]

S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-1-21 18944]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-5-24 19936]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-5-24 13280]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-7 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-10 14464]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-6-13 23360]

=============== Created Last 30 ================

2010-07-11 07:23:29 0 d-----w- c:\users\andreas\appdata\roaming\Malwarebytes

2010-07-11 07:22:53 0 d-----w- c:\programdata\Malwarebytes

2010-07-11 07:22:52 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-11 07:22:52 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-07-11 00:17:54 0 d-----w- c:\users\andreas\appdata\roaming\ASK Video

2010-06-30 09:40:00 0 d-----w- c:\program files (x86)\common files\Akamai

2010-06-23 23:05:22 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-23 23:05:22 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-23 23:05:22 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 23:05:22 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 23:05:22 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 23:05:22 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-23 23:05:22 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-23 23:05:22 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 23:05:22 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-23 23:05:22 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 23:02:56 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 23:02:56 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 23:02:51 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 23:02:51 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 23:02:51 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 23:02:51 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 23:02:51 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 23:02:51 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-23 23:02:50 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-22 12:42:40 0 d-----w- c:\program files\iPod

2010-06-22 12:42:39 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2010-06-22 12:42:39 0 d-----w- c:\program files\iTunes

2010-06-22 12:40:42 0 d-----w- c:\program files\Bonjour

2010-06-22 12:40:42 0 d-----w- c:\program files (x86)\Bonjour

2010-06-13 05:18:23 23360 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys

2010-06-12 16:38:46 0 d-----w- c:\programdata\Nokia

2010-06-12 16:34:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf

2010-06-12 16:33:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-06-12 16:32:11 0 d-----w- c:\programdata\PC Suite

2010-06-12 16:25:53 0 d-----w- c:\programdata\NokiaMusic

2010-06-12 16:07:18 0 d-----w- c:\program files (x86)\common files\Nokia

2010-06-12 16:07:03 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2010-06-12 16:07:03 0 d-----w- c:\program files\DIFX

2010-06-12 16:06:57 0 d-----w- c:\program files (x86)\PC Connectivity Solution

2010-06-12 16:06:42 67584 ----a-w- c:\windows\system32\nmwcdclsx64.dll

2010-06-12 16:06:06 0 d-----w- c:\programdata\OviInstallerCache

2010-06-12 16:06:06 0 d-----w- c:\program files (x86)\Nokia

==================== Find3M ====================

2010-07-09 15:06:18 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 06:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-18 08:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 08:55:18 237856 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 08:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 08:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 08:35:16 197920 ----a-w- c:\windows\syswow64\dnssdX.dll

2010-05-18 08:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-27 12:45:06 166440 ----a-w- c:\windows\system32\sdccoinstaller.dll

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-27 07:57:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:30:02.58 ===============

I also attached the Attach.txt

P.S when trying to use GMER i got info like this and the saved file is blank (after scanning):

C:\Windows\system32\config\system: The system cannot find the file specified.

Any help will be much appreciated.

Thanks!

Andreas

Attach.zip

[Elise]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
    

  [*]Save it to your desktop.

  [*]Double click on the icon on your desktop.

  [*]Click the "Scan All Users" checkbox.

  [*]Push the button.

  [*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized
    

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

• A detailed description of your problems
  
• A new OTL log (don't forget extra.txt)
  

[crsnt]

Thanks for the quick reply Elise,

Detailed description:

I am running Windows 7 Pro 64 bit. I got Desktop Security 2010 malware today. I used perform quick scan of MalwareBytes and removed them (it's gone) except that when I run the scan again, there are 2 files detected on my svchost (as seen in the first post). The remove files command showed they were removed successfully, but when I scanned again, those two kept coming back. I want to remove them completely.

here is the OTListIt.txt

OTL logfile created on: 11/07/2010 10:31:55 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Andreas\Downloads

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free

12.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97.56 Gb Total Space | 54.14 Gb Free Space | 55.50% Space Free | Partition Type: NTFS

Drive D: | 195.31 Gb Total Space | 47.28 Gb Free Space | 24.21% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 465.75 Gb Total Space | 158.07 Gb Free Space | 33.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive V: | 172.79 Gb Total Space | 103.49 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC

Current User Name: Andreas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 22:31:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe

PRC - [2010/07/11 15:13:38 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\en\StudioVisual.exe

PRC - [2010/07/11 15:13:38 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\Nokia\Ovi Player\hi-IN\Resourcesresources2.1.10304.00.exe

PRC - [2010/07/11 15:13:38 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe

PRC - [2010/07/11 15:13:38 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\Microsoft.NET\SDK\CompactFramework\v2.0\WindowsCE\DesignerMetadata\ja\asmmetaDataGrid.exe

PRC - [2010/06/28 20:14:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/06/16 22:50:13 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Andreas\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/27 16:16:38 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

PRC - [2010/03/09 16:52:01 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/02/24 21:17:04 | 000,385,928 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

PRC - [2010/02/03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010/01/26 14:23:00 | 000,139,776 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

PRC - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2010/01/22 22:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- D:\Program Files (x86)\VMWare\VMWare Workstation\vmware-authd.exe

PRC - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2009/12/17 11:23:54 | 000,272,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe

PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2009/10/05 19:22:15 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/06/11 16:37:04 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2009/02/27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files (x86)\MagicDisc\MagicDisc.exe

PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2008/08/21 13:04:27 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

PRC - [2008/05/30 16:36:40 | 000,550,160 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe

========== Modules (SafeList) ==========

MOD - [2010/07/11 22:31:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe

MOD - [2009/08/14 16:23:52 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll

MOD - [2009/07/20 04:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009/07/20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

MOD - [2009/06/11 05:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcr80.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2009/09/18 21:56:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/14 09:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009/07/14 09:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)

SRV:64bit: - [2009/07/14 09:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 09:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/07/24 15:22:40 | 000,118,272 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)

SRV:64bit: - [2007/09/08 02:16:16 | 001,909,032 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2010/06/30 17:40:05 | 002,561,624 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3725.dll -- (Akamai)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/27 16:16:38 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/09 16:52:01 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/01/22 22:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files (x86)\VMWare\VMWare Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2009/10/31 16:50:47 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\Program Files (x86)\VMWare\VMWare Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2009/10/05 19:22:15 | 000,080,936 | ---- | M] (Sophos Plc) [unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)

SRV - [2009/09/18 21:55:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/09/10 22:54:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2008/08/21 13:04:27 | 000,098,304 | ---- | M] (Sophos Plc) [unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)

SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/13 17:21:51 | 000,111,608 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)

DRV:64bit: - [2010/04/09 13:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2010/04/09 13:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2010/01/22 22:14:36 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/01/22 22:14:34 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/01/22 22:14:30 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/01/22 22:14:30 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/01/22 21:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/01/22 17:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2010/01/22 17:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2010/01/22 17:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/01/21 14:54:26 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)

DRV:64bit: - [2009/12/30 11:31:40 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)

DRV:64bit: - [2009/12/30 11:31:30 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)

DRV:64bit: - [2009/12/30 11:31:30 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2009/12/30 11:25:12 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)

DRV:64bit: - [2009/12/30 11:25:10 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)

DRV:64bit: - [2009/09/23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 09:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)

DRV:64bit: - [2009/07/14 09:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)

DRV:64bit: - [2009/07/14 09:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)

DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 08:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/14 08:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2009/07/14 07:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)

DRV:64bit: - [2009/07/14 07:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)

DRV:64bit: - [2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2009/06/18 00:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009/06/18 00:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/18 00:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/18 00:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 02:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2009/06/04 02:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2009/06/04 02:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2009/06/04 02:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2009/06/04 02:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2009/06/04 02:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2009/06/04 02:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2009/06/04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2009/06/04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2009/06/04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2009/06/04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2009/06/04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2009/06/04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008/08/28 01:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2008/07/10 14:47:20 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)

DRV:64bit: - [2008/05/23 15:41:04 | 000,023,360 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)

DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- D:\Program Files (x86)\VMWare\VMWare Workstation\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 37 5C 57 27 32 CA 01 [binary data]

IE - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/13 00:07:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 20:14:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/28 20:14:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/13 00:07:06 | 000,000,000 | ---D | M]

[2009/09/10 23:03:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions

[2009/09/10 23:03:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\r22a18w5.default\extensions

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bluetooth Connection Assistant] File not found

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [NokiaResources] c:\Program Files (x86)\Nokia\Ovi Player\hi-IN\Resourcesresources2.1.10304.00.exe ()

O4 - HKLM..\Run: [QuickTimeRecursosQuickTime] c:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe ()

O4 - HKLM..\Run: [RecursosQuickTimeRecursosQuickTime] c:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe ()

O4 - HKLM..\Run: [smartphoneWindowsCE2.0] c:\Program Files (x86)\Microsoft.NET\SDK\CompactFramework\v2.0\WindowsCE\DesignerMetadata\ja\asmmetaDataGrid.exe ()

O4 - HKLM..\Run: [studioVSContentInstaller] c:\Program Files (x86)\Common Files\microsoft shared\MSEnv\en\StudioVisual.exe ()

O4 - HKLM..\Run: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe File not found

O4 - HKLM..\Run: [VisualStudio] C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\en\StudioVisual.exe ()

O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)

O4 - HKLM..\Run: [Z-5 Speakers] C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe (Logitech©)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001..\Run: [] File not found

O4 - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKLM..\RunServices: [netcflaunchFramework] c:\Program Files (x86)\Microsoft.NET\SDK\CompactFramework\v2.0\WindowsCE\wce400\armv4\Frameworknetcflaunch.exe ()

O4 - HKLM..\RunServices: [QuickTimeRecursosQuickTime] c:\Program Files (x86)\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe ()

O4 - HKLM..\RunServices: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe File not found

O4 - HKLM..\RunServices: [VSContentInstallerMicrosoft] C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\en\StudioVisual.exe ()

O4 - HKLM..\RunServices: [WMIScriptUtilsMicrosoft] c:\Program Files (x86)\Common Files\microsoft shared\WMI\MicrosoftStudio.exe ()

O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Program Files (x86)\VMWare\VMWare Workstation\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Program Files (x86)\VMWare\VMWare Workstation\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Program Files (x86)\VMWare\VMWare Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Program Files (x86)\VMWare\VMWare Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOEF1C~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)

O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b3a0e197-a467-11de-98fb-005056c00008}\Shell - "" = AutoRun

O33 - MountPoints2\{b3a0e197-a467-11de-98fb-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes

[2010/07/11 15:22:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/07/11 15:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/11 15:22:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/07/11 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/07/11 08:17:54 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\ASK Video

[2010/06/30 17:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai

[2010/06/24 07:05:22 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/06/24 07:05:22 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/06/24 07:05:22 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/06/24 07:05:22 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/06/24 07:05:22 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/06/24 07:05:22 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/06/24 07:05:22 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/06/24 07:05:22 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/06/24 07:02:56 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/06/24 07:02:51 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/06/24 07:02:51 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/06/24 07:02:51 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/06/24 07:02:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/06/24 07:02:51 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/06/24 07:02:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/06/24 07:02:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/06/22 20:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/22 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/22 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/06/22 20:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/06/22 20:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/22 20:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/06/13 17:16:50 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc

[2010/06/13 13:18:23 | 000,023,360 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys

[2010/06/13 00:56:03 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\IsolatedStorage

[2010/06/13 00:41:18 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Ovi

[2010/06/13 00:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia

[2010/06/13 00:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2010/06/13 00:32:10 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\PC Suite

[2010/06/13 00:32:09 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\NokiaAccount

[2010/06/13 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Nokia

[2010/06/13 00:26:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Nokia

[2010/06/13 00:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic

[2010/06/13 00:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia

[2010/06/13 00:07:03 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys

[2010/06/13 00:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010/06/13 00:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2010/06/13 00:06:42 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll

[2010/06/13 00:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\OviInstallerCache

[2010/06/13 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia

[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 22:36:35 | 003,932,160 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT

[2010/07/11 21:55:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3919194528-1027459876-2699288139-1001UA.job

[2010/07/11 17:18:47 | 000,001,144 | ---- | M] () -- C:\Users\Andreas\Documents\Documents - Shortcut.lnk

[2010/07/11 15:52:19 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/11 15:52:19 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/11 15:46:19 | 000,000,612 | RHS- | M] () -- C:\Users\Andreas\ntuser.pol

[2010/07/11 15:44:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/11 15:44:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/11 15:43:54 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/11 15:43:00 | 000,061,544 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000000-00001102-00000005-00211102}.rfx

[2010/07/11 15:43:00 | 000,061,544 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000000-00001102-00000005-00211102}.rfx

[2010/07/11 15:43:00 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm

[2010/07/11 15:43:00 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm

[2010/07/11 15:43:00 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000000-00001102-00000005-00211102}.rfx

[2010/07/11 15:42:37 | 003,775,775 | -H-- | M] () -- C:\Users\Andreas\AppData\Local\IconCache.db

[2010/07/11 15:22:56 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/10 23:09:25 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3919194528-1027459876-2699288139-1001Core.job

[2010/07/10 00:35:52 | 000,742,646 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/07/10 00:35:52 | 000,639,034 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/07/10 00:35:52 | 000,114,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/07/09 23:06:18 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010/07/09 23:06:18 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/07/02 15:55:24 | 000,002,413 | ---- | M] () -- C:\Users\Andreas\Desktop\Google Chrome.lnk

[2010/06/30 18:24:48 | 000,000,804 | ---- | M] () -- C:\Users\Andreas\Desktop\Grand Fantasia.lnk

[2010/06/23 16:45:41 | 000,059,904 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/22 20:42:46 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/22 20:41:43 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/06/14 23:05:07 | 000,026,158 | ---- | M] () -- C:\Users\Andreas\Documents\Event Cinemas _ Buy Tickets...pdf

[2010/06/13 17:16:33 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/13 13:17:49 | 003,033,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/13 00:56:03 | 000,112,080 | ---- | M] () -- C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/13 00:34:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf

[2010/06/13 00:33:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/06/13 00:26:10 | 000,726,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/06/13 00:25:58 | 000,002,669 | ---- | M] () -- C:\Users\Andreas\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk

[2010/06/13 00:25:58 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk

[2010/06/13 00:07:46 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/11 17:18:47 | 000,001,144 | ---- | C] () -- C:\Users\Andreas\Documents\Documents - Shortcut.lnk

[2010/07/11 15:22:56 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/30 18:24:48 | 000,000,804 | ---- | C] () -- C:\Users\Andreas\Desktop\Grand Fantasia.lnk

[2010/06/22 20:42:46 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/22 20:41:43 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/06/14 23:05:07 | 000,026,158 | ---- | C] () -- C:\Users\Andreas\Documents\Event Cinemas _ Buy Tickets...pdf

[2010/06/13 17:16:33 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/13 00:34:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf

[2010/06/13 00:33:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/06/13 00:25:58 | 000,002,669 | ---- | C] () -- C:\Users\Andreas\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk

[2010/06/13 00:25:58 | 000,002,657 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk

[2010/06/13 00:07:46 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[2009/12/01 23:31:05 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2009/10/13 18:27:21 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll

[2009/09/19 07:43:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2009/09/14 17:27:16 | 000,726,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/09/10 22:53:41 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/09/10 22:53:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/25 05:17:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

< End of report >

and here is the Extra.txt

OTL Extras logfile created on: 11/07/2010 10:31:55 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Andreas\Downloads

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free

12.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97.56 Gb Total Space | 54.14 Gb Free Space | 55.50% Space Free | Partition Type: NTFS

Drive D: | 195.31 Gb Total Space | 47.28 Gb Free Space | 24.21% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 465.75 Gb Total Space | 158.07 Gb Free Space | 33.94% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive V: | 172.79 Gb Total Space | 103.49 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC

Current User Name: Andreas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3919194528-1027459876-2699288139-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{4EF6A3C5-7B7A-453A-A887-7252A1A65596}" = WD Drive Manager (x64)

"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes

"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools

"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English

"{D3E7A2A5-A059-4A44-949B-21FBD371A8B9}" = Paint.NET v3.5

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR archiver

"x64 Components_is1" = x64 Components v2.1.1.6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content

"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform

"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater

"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player

"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2

"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup

"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran

[Elise]

Hello again, please run the following fix and an MBAM quick scan after that to see if the items are gone now or not.

OTL FIX

------------

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   :otl
   O4 - HKLM..\Run: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe File not found
   O4 - HKLM..\RunServices: [svchost] c:\users\andreas\appdata\local\temp\svchost.exe File not found
   O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
   O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
   
   :commands
   [emptytemp]

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   

[crsnt]

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\svchost deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andreas

->Temp folder emptied: 1353412061 bytes

->Temporary Internet Files folder emptied: 74875205 bytes

->Java cache emptied: 66684789 bytes

->FireFox cache emptied: 86135006 bytes

->Google Chrome cache emptied: 115800857 bytes

->Flash cache emptied: 111822 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 155648 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 261743227 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,868.00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07112010_233709

Files\Folders moved on Reboot...

C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-732.log moved successfully.

Registry entries deleted on Reboot...

I run the Quick Scan again and problem still persists.

I REALIZED THAT THERE IS A NASTY MALWARE that running at the moment and does this:

Sophos picked up a suspected EXE file. When I looked at my processes, there is this EXE running. When I kill the process, it generates a new EXE file somewhere else randomly in my HD and run it in the processes.

Everytime I kill a process, it just generates another EXE file with a random name as well that is deceiving.

Maybe this can help as a clue

[crsnt]

Just to add to the detail:

it seems that it's creating the exe file somewhere inside Common Files directory.

e.g.

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.WindowsContacts

with the name appleisregistered.exe

[Elise]

Please upload that file to www.virustotal.com and post the resulting log to me. That way we might find out what we are dealing with.

[crsnt]

Antivirus Version Last Update Result

a-squared 5.0.0.31 2010.07.09 -

AhnLab-V3 2010.07.10.00 2010.07.09 -

AntiVir 8.2.4.10 2010.07.09 -

Antiy-AVL 2.0.3.7 2010.07.09 -

Authentium 5.2.0.5 2010.07.10 -

Avast 4.8.1351.0 2010.07.09 -

Avast5 5.0.332.0 2010.07.09 -

AVG 9.0.0.836 2010.07.09 SHeur3.AHNL

BitDefender 7.2 2010.07.10 Trojan.Generic.KD.19334

CAT-QuickHeal 11.00 2010.07.09 -

ClamAV 0.96.0.3-git 2010.07.10 -

Comodo 5377 2010.07.09 Heur.Packed.Unknown

DrWeb 5.0.2.03300 2010.07.10 Trojan.DownLoad1.64194

eSafe 7.0.17.0 2010.07.08 -

eTrust-Vet 36.1.7696 2010.07.10 -

F-Prot 4.6.1.107 2010.07.09 -

F-Secure 9.0.15370.0 2010.07.09 Trojan.Generic.KD.19334

Fortinet 4.1.143.0 2010.07.09 -

GData 21 2010.07.10 Trojan.Generic.KD.19334

Ikarus T3.1.1.84.0 2010.07.09 -

Jiangmin 13.0.900 2010.07.09 -

Kaspersky 7.0.0.125 2010.07.10 Trojan.Win32.FraudPack.azev

McAfee 5.400.0.1158 2010.07.10 Artemis!65581F18FB4F

McAfee-GW-Edition 2010.1 2010.07.05 Artemis!65581F18FB4F

Microsoft 1.5902 2010.07.09 -

NOD32 5266 2010.07.09 -

Norman 6.05.11 2010.07.09 -

nProtect 2010-07-09.01 2010.07.09 -

Panda 10.0.2.7 2010.07.09 Suspicious file

PCTools 7.0.3.5 2010.07.10 Trojan.FakeAV

Prevx 3.0 2010.07.10 Medium Risk Malware

Rising 22.55.04.04 2010.07.09 -

Sophos 4.55.0 2010.07.10 -

Sunbelt 6566 2010.07.10 Trojan.Win32.Bredolab.Gen.pac (v)

Symantec 20101.1.0.89 2010.07.10 Trojan.FakeAV!gen32

TheHacker 6.5.2.1.311 2010.07.08 -

TrendMicro 9.120.0.1004 2010.07.09 -

TrendMicro-HouseCall 9.120.0.1004 2010.07.10 -

VBA32 3.12.12.6 2010.07.09 Malware-Cryptor.Win32.General.3

ViRobot 2010.6.29.3912 2010.07.09 -

VirusBuster 5.0.27.0 2010.07.09 -

Additional information

File size: 147968 bytes

MD5 : 65581f18fb4f875ccf7c99b087161824

SHA1 : c09f777d632127db0be10bad2f87c73f82f36552

SHA256: 1a78945c9cba8e9b5ecc1d159bf356f067a4a61662684fafb04894f63f698bd2

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x29F0

timedatestamp.....: 0x3C6C7FF8 (Fri Feb 15 04:26:48 2002)

machinetype.......: 0x14C (Intel I386)

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x20929 0x20A00 7.85 02572befe3313a8d95f12ae6379a15eb

.data 0x22000 0x20400 0x400 3.92 d88f5765bfed6b37c3193aec57eb8848

.DATA 0x43000 0x2000 0x1A00 6.02 78402a674df96ad4f23c6793c796162e

.idata 0x45000 0x1000 0x800 4.82 bb8cbec0c9a481d7c88315132593218b

.rsrc 0x46000 0xA5D 0xC00 5.64 d1e2bde356f5990af7b8c000336bfa50

( 3 imports )

> advapi32.dll: AllocateAndInitializeSid, ChangeServiceConfig2A, InitializeSecurityDescriptor, RegEnumValueA, RegOpenKeyExA, SetSecurityDescriptorDacl, UnlockServiceDatabase

> kernel32.dll: CopyFileA, CreateDirectoryA, CreateFileA, CreateMutexA, CreateThread, CreateToolhelp32Snapshot, DeleteCriticalSection, DeviceIoControl, DisableThreadLibraryCalls, EnterCriticalSection, ExitProcess, FormatMessageA, FreeEnvironmentStringsA, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDriveTypeA, GetEnvironmentVariableA, GetExitCodeProcess, GetFileSize, GetFileTime, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileSectionNamesA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadLocale, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalReAlloc, GlobalUnlock, HeapDestroy, HeapFree, InitializeCriticalSection, InterlockedCompareExchange, LCMapStringA, LocalFree, MoveFileExA, QueryPerformanceCounter, RaiseException, ReadFile, ReadProcessMemory, ResumeThread, SetEvent, SetFilePointer, SetHandleCount, SetThreadPriority, Sleep, SuspendThread, TerminateProcess, VirtualAlloc, VirtualFree, VirtualProtect, WriteConsoleA, lstrcmpA, lstrlenA

> user32.dll: CharPrevA, DefWindowProcA

( 0 exports )

TrID : File type identification

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

VXD Driver (0.1%)

ssdeep: 3072:2DIB20xhpCkrW7evLs6x8FtEJDEEK2pbo3GD4Ofb:CQJCAW7u2Ft4DEwpbo2n

sigcheck: publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Prevx Info: http://info.prevx.com/aboutprogramtext.asp...85F0500DCBDB55F

PEiD : -

RDS : NSRL Reference Data Set

-

[Elise]

Hello again,

OTL

-----

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
     

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Copy and Paste the following code into the textbox. Do not include the word "Code"

netsvcs
msconfig
safebootminimal
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\at*.job
%systemroot%\Tasks\*.job /lockedfiles

[*]Push

[*]A report will open. Copy and Paste that report in your next reply.

[crsnt]

Hi Elise,

I managed to get rid of it using AVG. =) those files are gone now and so are the svchost files.

Thanks for pointing me out to virustotal.com , it's a useful website indeed.

hehe.

Cya!

[Elise]

That is good news.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "JDK 6 Update 21 (JDK or JRE)".
  
• Click the "Download JRE" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  
• If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.