Google Redirect - can not find or get rid of!


Hello,

I've been infected with some sort of redirect virus and have used Malwarebytes, Hitman Pro and Spybot to help remove whatever it is but it still persists and redirects my searches on an occasional basis. I should mention that Malwarebytes did find a trojan on first use a few days back called Trojan.Tracur.S, but it was removed. Regardless, that removal did not solve my redirect problem. I have the log file produced after that removal if that might be relevant. Below is the DDS.txt and attached are the attach and ark files. I hope that you can help. Thank you.

DDS (Ver_10-11-27.01) - NTFS_AMD64

Run by Sandra at 20:12:03.68 on 29/11/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.7934.6336 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\Explorer.EXE

C:\Windows\DAODx.exe

D:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe

D:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

D:\Spybot - Search & Destroy\SDWinSec.exe

D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

D:\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

D:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\Program Files (x86)\MultiScreen\MultiScreen.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

D:\Program Files (x86)\ASUS\QFan4\FanHelp.exe

D:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

D:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Sandra\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [d3d8wow.exe] C:\Windows\d3d8wow.exe

uRun: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

mRun: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [instantBurn] D:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

mRun: [updateLBPShortCut] "D:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "D:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [MDS_Menu] "D:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "D:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun: [CLMLServer] "D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "D:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl8] "D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "D:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [updatePPShortCut] "D:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "D:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [updatePSTShortCut] "D:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "D:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [uVS11 Preload] D:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [MultiScreen] D:\Program Files (x86)\MultiScreen\MultiScreen.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QFan Help] "D:\Program Files (x86)\ASUS\QFan4\FanHelp.exe"

mRun: [TurboV EVO] "D:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

StartupFolder: C:\Users\Sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - D:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

FF - Extension: XUL Cache: {129c29a9-e004-4049-854e-b1aa163274c3} - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}

============= SERVICES / DRIVERS ===============

R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-9-26 24560]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2010-9-26 26624]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/26 11:14:47];D:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-13 202752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-26 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-26 267944]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-7 96896]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-9-26 83120]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-9-26 371696]

R2 jswpbapi;JumpStart Push-Button Service;C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe [2010-9-26 265216]

R2 SBSDWSCService;SBSD Security Center Service;D:\Spybot - Search & Destroy\SDWinSec.exe [2010-11-26 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-1-13 6327296]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-1-13 185344]

R3 AODDriver;AODDriver;D:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys [2010-11-7 21048]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-13 346144]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-13 39480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [2010-9-26 954368]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-11 155752]

S3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2010-10-27 30352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-27 1255736]

S4 AODService;AODService;D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]

=============== Created Last 30 ================

2010-11-27 23:29:43 -------- d-----w- C:\Windows\pss

2010-11-26 10:03:44 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2010-11-26 09:56:33 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2010-11-26 09:55:42 -------- d-----w- C:\PROGRA~3\Hitman Pro

2010-11-24 18:48:42 -------- d-----w- C:\Users\Sandra\AppData\Roaming\Malwarebytes

2010-11-24 18:48:26 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-24 18:48:24 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-24 18:48:24 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-24 18:48:24 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-11-21 21:26:25 -------- d-sh--w- C:\PROGRA~3\SysWoW32

2010-11-21 21:26:10 203776 --sh--w- C:\PROGRA~3\unrar.exe

2010-11-21 21:26:10 -------- d-sh--w- C:\PROGRA~3\72FC93F464327ACFB179A743114667D6

2010-11-21 21:08:06 -------- d-----w- C:\Users\Sandra\AppData\Roaming\FrostWire

2010-11-21 21:07:57 -------- d-----w- D:\Program Files (x86)\FrostWire

2010-11-21 19:51:37 -------- d-----w- D:\Program Files (x86)\ASIO4ALL v2

2010-11-21 07:06:27 -------- d-----w- D:\Program Files (x86)\Syncrosoft

2010-11-21 07:01:07 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg

2010-11-21 06:57:35 -------- d-----w- D:\Program Files (x86)\Common Files

2010-11-21 06:36:53 -------- d-----w- D:\Program Files (x86)\eLicenser

2010-11-21 06:36:25 -------- d-----w- D:\Program Files (x86)\Image-Line

2010-11-21 06:27:02 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2010-11-21 06:06:09 -------- d-----w- D:\Program Files (x86)\East West

2010-11-21 05:56:44 -------- d-----w- D:\Program Files (x86)\Steinberg

2010-11-21 05:48:29 225280 ----a-w- C:\Windows\SysWow64\rewire.dll

2010-11-21 05:48:28 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm

2010-11-14 05:57:49 -------- d-----w- C:\Users\Sandra\AppData\Local\ATI

2010-11-14 05:54:42 315904 ----a-w- C:\Windows\SysWow64\Difxdef8.rra

2010-11-14 05:54:42 -------- d-----w- C:\RaidTool

2010-11-14 05:54:40 115824 ----a-w- C:\Windows\System32\drivers\jraid.sys

2010-11-14 05:54:38 -------- d-----w- C:\Windows\RaidTool

2010-11-14 05:54:35 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2010-11-14 05:54:35 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2010-11-14 05:54:35 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2010-11-14 05:54:35 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2010-11-14 05:54:35 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2010-11-14 05:54:34 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2010-11-14 05:54:34 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2010-11-14 05:54:33 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2010-11-14 05:53:41 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2010-11-14 05:53:41 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2010-11-14 05:53:41 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2010-11-14 05:53:07 39480 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2010-11-14 05:52:44 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys

2010-11-14 05:52:32 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2010-11-14 05:46:59 504592 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll

2010-11-11 22:32:14 16896 ----a-w- C:\Windows\AsTaskSched.dll

2010-11-11 22:31:00 -------- d-----w- D:\Program Files (x86)\AMD

2010-11-11 21:58:24 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation

2010-11-11 21:45:25 -------- d-----w- D:\Program Files (x86)\ZOTAC FireStorm

2010-11-11 21:36:29 238696 ----a-w- C:\Windows\System32\nvcohda6.dll

2010-11-08 04:31:59 -------- d-----w- C:\Users\Sandra\AppData\Local\ElevatedDiagnostics

2010-11-08 04:19:08 -------- d-----w- C:\PROGRA~3\ASUS OC Profiles

2010-11-08 04:17:45 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

2010-11-08 04:17:45 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

2010-11-08 03:41:59 24576 ------w- C:\Windows\SysWow64\AsIO.dll

2010-11-08 03:41:59 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys

2010-11-08 03:41:47 -------- d-----w- D:\Program Files (x86)\ASUS

2010-11-06 19:37:34 103864 ----a-w- D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-11-26 09:57:35 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-10-16 21:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll

2010-10-16 21:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe

2010-10-16 21:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll

2010-10-16 21:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll

2010-09-26 15:14:05 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2010-09-26 15:14:05 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2010-09-26 15:14:05 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2010-09-26 13:32:39 0 ----a-w- C:\Windows\ativpsrm.bin

2010-09-17 20:27:32 30352 ----a-w- C:\Windows\System32\drivers\synusb64.sys

2010-09-17 20:27:32 1708544 ----a-w- C:\Windows\System32\synsoacc.dll

2010-09-17 20:27:26 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-07 20:09:02 29288 ----a-w- C:\Windows\System32\nvhdap64.dll

2010-09-07 20:08:55 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2010-09-07 20:08:54 1308776 ----a-w- C:\Windows\System32\nvgenco64.dll

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2006-12-02 03:37:14 904704 ----a-w- D:\Program Files (x86)\msdia80.dll

============= FINISH: 20:12:13.76 ===============

attach.zip

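An added triage example, written for this page and not part of the thread or of the DDS tool itself: a small Python pass over the DDS.txt sections posted above that flags autorun targets sitting directly in the Windows root and recently created system+hidden items, both of which appear in this log. The sample lines are copied from the log above; the heuristics are this example's own assumptions and yield leads to verify, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS.txt posted in this
# thread, with the section banners DDS prints. A real log has hundreds of lines.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [d3d8wow.exe] C:\Windows\d3d8wow.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
=============== Created Last 30 ================
2010-11-27 23:29:43 -------- d-----w- C:\Windows\pss
2010-11-24 18:48:24 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-21 21:26:25 -------- d-sh--w- C:\PROGRA~3\SysWoW32
2010-11-21 21:26:10 203776 --sh--w- C:\PROGRA~3\unrar.exe
2010-11-21 21:26:10 -------- d-sh--w- C:\PROGRA~3\72FC93F464327ACFB179A743114667D6
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>.+?)\] (?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[\w-]{8})\s+(?P<path>.+)$"
)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def command_target(cmd: str) -> str:
    """Extract the executable path from a Run-entry command line.

    DDS prints quoted paths as-is and unquoted ones with their arguments
    appended, so take the quoted part or everything up to the first '.exe'.
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_run_entry(name: str, cmd: str) -> list:
    """Heuristics for one autorun entry (this example's assumptions, not DDS rules)."""
    reasons = []
    target = command_target(cmd)
    directory, _, filename = target.rpartition("\\")
    if not directory:
        reasons.append("bare file name, resolved at run time rather than a fixed path")
    elif directory.lower() == "c:\\windows":
        reasons.append("executable placed directly in the Windows root")
    if name.lower() == filename.lower():
        reasons.append("entry name is just the file name, not a product name")
    return reasons


def check_created_entry(attrs: str, path: str) -> list:
    """Heuristics for a 'Created Last 30' line: attribute flags and naming."""
    reasons = []
    basename = path.rpartition("\\")[2]
    if "s" in attrs and "h" in attrs:
        reasons.append("system+hidden attributes on a recently created item")
    if HEX32_RE.match(basename):
        reasons.append("32-hex-digit name, typical of generated drop folders")
    return reasons


def triage_dds(text: str) -> list:
    """Walk a DDS log section by section and return lines worth a closer look."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if section == "Pseudo HJT Report":
            m = RUN_RE.match(line)
            if m:
                reasons = check_run_entry(m.group("name"), m.group("cmd"))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m:
                reasons = check_created_entry(m.group("attrs"), m.group("path"))
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above it flags the d3d8wow.exe Run entry, the bare KHALMNPR.EXE entry and the three system+hidden items under C:\PROGRA~3, and leaves the Avira, LightScribe, RaidTool and mbam.sys lines alone.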
Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Quick Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


:D

Thank you Elise for your time. Here are the logs.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5184

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/11/2010 10:23:12 AM

mbam-log-2010-11-30 (10-23-12).txt

Scan type: Full scan (C:\|)

Objects scanned: 219385

Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****************************************

OTL logfile created on: 30/11/2010 10:24:59 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sandra\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free

19.00 Gb Paging File | 17.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): c:\pagefile.sys 11901 11901 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Program Files (x86)

Drive C: | 37.27 Gb Total Space | 4.85 Gb Free Space | 13.01% Space Free | Partition Type: NTFS

Drive D: | 279.46 Gb Total Space | 220.51 Gb Free Space | 78.91% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 10:13:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe

PRC - [2010/11/09 22:25:14 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 22:25:14 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/11/09 22:25:14 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/10/26 22:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/04/22 19:23:54 | 009,919,104 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe

PRC - [2010/04/22 15:56:42 | 001,109,120 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\QFan4\FanHelp.exe

PRC - [2010/03/16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe

PRC - [2010/02/10 15:45:40 | 001,135,232 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

PRC - [2010/01/22 08:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2009/12/28 05:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2009/09/24 04:51:34 | 000,032,871 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe

PRC - [2009/04/30 07:05:20 | 000,103,720 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/28 06:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

PRC - [2009/04/15 19:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/10/17 15:32:02 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- D:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

PRC - [2008/06/30 06:41:10 | 000,114,688 | ---- | M] () -- D:\Program Files (x86)\MultiScreen\MultiScreen.exe

========== Modules (SafeList) ==========

MOD - [2010/11/30 10:13:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe

MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2010/01/13 06:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 22:25:14 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/11/09 22:25:14 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 09:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/28 05:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/10/22 03:49:18 | 000,136,544 | ---- | M] () [Disabled | Stopped] -- D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2009/09/21 06:48:10 | 000,954,368 | ---- | M] (Wireless) [On_Demand | Stopped] -- C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi)

SRV - [2009/09/21 06:48:10 | 000,265,216 | ---- | M] (Wireless) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe -- (jswpbapi)

SRV - [2009/07/13 17:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/26 01:57:35 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010/09/17 12:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)

DRV:64bit: - [2010/09/07 12:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/03/04 05:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/02 09:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/01/22 08:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/01/22 08:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/01/13 06:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/01/13 05:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/01/11 03:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/10/19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/09/22 05:30:48 | 001,443,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/21 06:48:10 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)

DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2008/10/14 07:40:16 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)

DRV:64bit: - [2007/04/11 11:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2007/04/11 11:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/01/25 04:15:38 | 000,021,048 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys -- (AODDriver)

DRV - [2009/04/15 19:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/26 11:14:47] [Kernel | Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2005/01/07 13:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 DC 64 10 DA C9 6B 4A 86 D5 0C 24 F0 71 BC 6D [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 DC 64 10 DA C9 6B 4A 86 D5 0C 24 F0 71 BC 6D [binary data]

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 00 1E B1 81 5D CB 01 [binary data]

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 23 DC 64 10 DA C9 6B 4A 86 D5 0C 24 F0 71 BC 6D [binary data]

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2

FF - prefs.js..extensions.enabledItems: {129c29a9-e004-4049-854e-b1aa163274c3}:1.0

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010/11/14 10:14:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/20 12:47:03 | 000,000,000 | ---D | M]

[2010/11/14 10:14:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Mozilla\Extensions

[2010/11/30 09:59:53 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions

[2010/11/21 13:25:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}

[2010/11/14 17:38:20 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

[2010/11/30 09:59:53 | 000,000,000 | ---D | M] -- D:\Program Files (x86)\Mozilla Firefox\extensions

[2010/10/19 09:22:59 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/02 06:12:59 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/26 21:24:34 | 000,001,538 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/26 21:24:34 | 000,000,947 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/26 21:24:34 | 000,000,769 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/26 21:24:34 | 000,001,135 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/28 01:38:56 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [CLMLServer] D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [instantBurn] D:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe ()

O4 - HKLM..\Run: [MDS_Menu] D:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [MultiScreen] D:\Program Files (x86)\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [RemoteControl8] D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TurboV EVO] D:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [updateLBPShortCut] D:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] D:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePPShortCut] D:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] D:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [uVS11 Preload] D:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe (InterVideo Digital Technology Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found

O4 - HKU\S-1-5-20..\Run: [sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found

O4 - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001..\Run: [d3d8wow.exe] C:\Windows\d3d8wow.exe File not found

O4 - HKU\S-1-5-21-3995797075-4105707332-3030600537-1001..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{52d83278-c981-11df-b5b6-dd515ae106bb}\Shell - "" = AutoRun

O33 - MountPoints2\{52d83278-c981-11df-b5b6-dd515ae106bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 10:13:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe

[2010/11/27 15:29:43 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/11/26 02:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/11/26 01:58:36 | 000,000,000 | ---D | C] -- D:\Program Files\Hitman Pro 3.5

[2010/11/26 01:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/11/24 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes

[2010/11/24 10:48:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/24 10:48:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/24 10:48:24 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/24 10:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/11/24 09:46:41 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Anti-Malware

[2010/11/21 13:26:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32

[2010/11/21 13:26:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\72FC93F464327ACFB179A743114667D6

[2010/11/21 13:08:08 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\FrostWire

[2010/11/21 13:08:06 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\FrostWire

[2010/11/21 13:07:57 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\FrostWire

[2010/11/21 11:51:37 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ASIO4ALL v2

[2010/11/21 11:51:14 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Image-Line

[2010/11/20 23:06:27 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Syncrosoft

[2010/11/20 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg

[2010/11/20 22:57:35 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files

[2010/11/20 22:36:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\eLicenser

[2010/11/20 22:36:25 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Image-Line

[2010/11/20 22:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign

[2010/11/20 22:19:18 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\WinRAR

[2010/11/20 22:19:14 | 000,000,000 | ---D | C] -- D:\Program Files\WinRAR

[2010/11/20 22:06:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\East West

[2010/11/20 21:56:44 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Steinberg

[2010/11/20 21:48:29 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll

[2010/11/20 11:33:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/11/14 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Mozilla

[2010/11/13 21:57:49 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\ATI

[2010/11/13 21:57:49 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\ATI

[2010/11/13 21:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2010/11/13 21:54:42 | 000,000,000 | ---D | C] -- C:\RaidTool

[2010/11/13 21:54:38 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool

[2010/11/13 21:53:41 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2010/11/13 21:53:10 | 000,000,000 | ---D | C] -- D:\Program Files\DIFX

[2010/11/13 21:52:19 | 000,000,000 | ---D | C] -- D:\Program Files\ATI

[2010/11/13 21:47:39 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll

[2010/11/13 21:47:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010/11/13 21:47:31 | 000,000,000 | ---D | C] -- D:\Program Files\Realtek

[2010/11/13 21:47:22 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2010/11/13 21:47:21 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010/11/13 21:47:21 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010/11/13 21:47:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010/11/13 21:47:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010/11/13 21:47:14 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2010/11/13 21:47:14 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2010/11/13 21:47:14 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2010/11/13 21:47:13 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2010/11/13 21:47:13 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2010/11/13 21:47:12 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2010/11/13 21:47:08 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2010/11/13 21:47:08 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010/11/13 21:47:03 | 000,321,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2010/11/13 21:47:02 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2010/11/13 21:47:01 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2010/11/13 21:47:01 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2010/11/13 21:47:00 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2010/11/13 21:47:00 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2010/11/13 21:47:00 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2010/11/13 21:47:00 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2010/11/13 21:47:00 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2010/11/13 21:46:59 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2010/11/13 21:46:59 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2010/11/13 03:44:57 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Download Manager

[2010/11/11 14:32:14 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/11/11 14:31:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AMD

[2010/11/11 14:12:09 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010/11/11 14:12:09 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010/11/11 13:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2010/11/11 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\SystemRequirementsLab

[2010/11/11 13:45:25 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ZOTAC FireStorm

[2010/11/11 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2010/11/11 13:35:42 | 000,000,000 | ---D | C] -- D:\Program Files\NVIDIA Corporation

[2010/11/07 20:31:59 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\ElevatedDiagnostics

[2010/11/07 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles

[2010/11/07 19:41:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ASUS

[2006/12/01 19:37:14 | 000,904,704 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\msdia80.dll

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/30 10:14:19 | 000,080,384 | ---- | M] () -- C:\Users\Sandra\Desktop\MBRCheck.exe

[2010/11/30 10:13:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe

[2010/11/30 09:56:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/30 09:56:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/30 09:53:50 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/30 09:53:50 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/30 09:53:50 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/30 09:49:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/30 09:49:32 | 1944,723,455 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/29 20:41:34 | 000,002,335 | ---- | M] () -- C:\Users\Sandra\Desktop\attach.zip

[2010/11/29 20:14:35 | 000,296,448 | ---- | M] () -- C:\Users\Sandra\Desktop\t9kblfvk.exe

[2010/11/29 20:06:53 | 000,630,272 | ---- | M] () -- C:\Users\Sandra\Desktop\dds.scr

[2010/11/29 20:06:09 | 000,000,000 | ---- | M] () -- C:\Users\Sandra\defogger_reenable

[2010/11/29 18:38:23 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/11/29 18:28:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/11/28 01:38:56 | 000,000,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/11/26 02:03:48 | 000,000,779 | ---- | M] () -- C:\Users\Sandra\Desktop\Spybot - Search & Destroy.lnk

[2010/11/26 02:03:48 | 000,000,779 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/26 01:57:35 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/11/24 10:58:18 | 000,001,185 | ---- | M] () -- C:\ProgramData\1210271513

[2010/11/24 10:48:28 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/24 10:44:54 | 000,000,038 | ---- | M] () -- C:\ProgramData\68d93b62

[2010/11/24 10:42:39 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache

[2010/11/24 10:36:35 | 000,000,610 | -HS- | M] () -- C:\ProgramData\1745447989

[2010/11/21 19:14:33 | 000,006,476 | ---- | M] () -- C:\Users\Sandra\.recently-used.xbel

[2010/11/21 13:26:10 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe

[2010/11/21 13:08:04 | 000,000,924 | ---- | M] () -- C:\Users\Sandra\Desktop\FrostWire 4.21.1.lnk

[2010/11/21 13:08:04 | 000,000,924 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk

[2010/11/21 12:15:41 | 000,000,969 | ---- | M] () -- C:\Users\Sandra\Desktop\Symphonic Choirs.lnk

[2010/11/21 11:51:37 | 000,000,811 | ---- | M] () -- C:\Users\Sandra\Desktop\ASIO4ALL v2 Instruction Manual.lnk

[2010/11/21 11:51:14 | 000,000,846 | ---- | M] () -- C:\Users\Sandra\Desktop\FL Studio 9.lnk

[2010/11/21 11:50:55 | 000,001,003 | ---- | M] () -- C:\Users\Sandra\Desktop\FL Studio 7.lnk

[2010/11/20 22:09:39 | 000,000,803 | ---- | M] () -- C:\Users\Sandra\Desktop\EWQLSO Gold Edition.lnk

[2010/11/20 21:50:01 | 001,720,086 | ---- | M] () -- C:\Windows\SysWow64\TmpA570994

[2010/11/20 12:47:03 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/11/14 10:14:06 | 000,001,650 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/14 10:14:06 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/11/13 21:55:53 | 000,047,454 | ---- | M] () -- C:\Windows\Ascd_log.ini

[2010/11/13 21:54:29 | 000,001,238 | ---- | M] () -- C:\Users\Sandra\Desktop\Games.lnk

[2010/11/13 21:54:07 | 000,000,656 | ---- | M] () -- C:\Windows\setup.iss

[2010/11/13 21:45:35 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010/11/13 21:44:36 | 000,032,400 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2010/11/11 14:32:14 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/11/11 14:31:01 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 10:14:18 | 000,080,384 | ---- | C] () -- C:\Users\Sandra\Desktop\MBRCheck.exe

[2010/11/29 20:41:34 | 000,002,335 | ---- | C] () -- C:\Users\Sandra\Desktop\attach.zip

[2010/11/29 20:14:35 | 000,296,448 | ---- | C] () -- C:\Users\Sandra\Desktop\t9kblfvk.exe

[2010/11/29 20:06:53 | 000,630,272 | ---- | C] () -- C:\Users\Sandra\Desktop\dds.scr

[2010/11/29 20:06:09 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\defogger_reenable

[2010/11/29 18:28:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/11/26 02:03:48 | 000,000,779 | ---- | C] () -- C:\Users\Sandra\Desktop\Spybot - Search & Destroy.lnk

[2010/11/26 02:03:48 | 000,000,779 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/26 01:56:33 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/11/24 10:48:28 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/24 10:42:39 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache

[2010/11/21 23:14:27 | 000,000,038 | ---- | C] () -- C:\ProgramData\68d93b62

[2010/11/21 19:14:33 | 000,006,476 | ---- | C] () -- C:\Users\Sandra\.recently-used.xbel

[2010/11/21 13:26:43 | 000,000,610 | -HS- | C] () -- C:\ProgramData\1745447989

[2010/11/21 13:26:41 | 000,001,185 | ---- | C] () -- C:\ProgramData\1210271513

[2010/11/21 13:26:10 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe

[2010/11/21 13:08:04 | 000,000,924 | ---- | C] () -- C:\Users\Sandra\Desktop\FrostWire 4.21.1.lnk

[2010/11/21 13:08:04 | 000,000,924 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk

[2010/11/21 11:51:37 | 000,000,811 | ---- | C] () -- C:\Users\Sandra\Desktop\ASIO4ALL v2 Instruction Manual.lnk

[2010/11/21 11:51:14 | 000,000,846 | ---- | C] () -- C:\Users\Sandra\Desktop\FL Studio 9.lnk

[2010/11/20 22:27:53 | 000,000,969 | ---- | C] () -- C:\Users\Sandra\Desktop\Symphonic Choirs.lnk

[2010/11/20 22:09:39 | 000,000,803 | ---- | C] () -- C:\Users\Sandra\Desktop\EWQLSO Gold Edition.lnk

[2010/11/20 21:52:29 | 000,001,003 | ---- | C] () -- C:\Users\Sandra\Desktop\FL Studio 7.lnk

[2010/11/20 21:50:01 | 001,720,086 | ---- | C] () -- C:\Windows\SysWow64\TmpA570994

[2010/11/14 10:14:06 | 000,001,650 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/14 10:14:06 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/11/13 21:54:29 | 000,001,238 | ---- | C] () -- C:\Users\Sandra\Desktop\Games.lnk

[2010/11/13 21:54:07 | 000,000,656 | ---- | C] () -- C:\Windows\setup.iss

[2010/11/13 21:53:41 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2010/11/13 21:52:32 | 000,030,784 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2010/11/13 21:52:32 | 000,020,274 | ---- | C] () -- C:\Windows\atiogl.xml

[2010/11/13 21:52:32 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/11/13 21:52:32 | 000,001,035 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2010/11/13 21:45:39 | 000,047,454 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2010/11/11 14:31:01 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk

[2010/11/11 13:35:39 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2010/11/07 20:17:45 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2010/11/07 20:17:45 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2010/11/07 20:06:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\Gpu.log

[2010/11/07 19:41:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010/11/07 19:41:59 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010/11/07 19:39:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/11/07 19:39:50 | 000,032,400 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/10/27 18:05:42 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll

[2010/09/26 15:18:05 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2010/09/26 15:18:05 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2010/09/26 15:18:05 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2010/09/26 15:18:05 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2010/09/26 15:18:05 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2010/09/26 15:18:05 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/10/24 07:47:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FinalTorrent

[2010/11/27 15:27:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FrostWire

[2010/11/21 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\gtk-2.0

[2010/10/19 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org

[2010/11/11 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SystemRequirementsLab

[2010/09/26 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ulead Systems

[2010/11/21 12:44:16 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

*********************************

OTL Extras logfile created on: 30/11/2010 10:24:59 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sandra\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free

19.00 Gb Paging File | 17.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): c:\pagefile.sys 11901 11901 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Program Files (x86)

Drive C: | 37.27 Gb Total Space | 4.85 Gb Free Space | 13.01% Space Free | Partition Type: NTFS

Drive D: | 279.46 Gb Total Space | 220.51 Gb Free Space | 78.91% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3995797075-4105707332-3030600537-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Program Files (x86)\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Program Files (x86)\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Program Files (x86)\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Program Files (x86)\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{2770B8D8-701A-1D22-635F-8711DFC06B92}" = ATI Catalyst Install Manager

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5571960D-570C-DDC7-5C14-BE3F88DE3510}" = ccc-utility64

"{6448F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON Printer and Utilities" = EPSON Printer Software

"HitmanPro35" = Hitman Pro 3.5

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.00 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0131A5A1-56BF-ECCD-8325-2306A12495E7}" = Catalyst Control Center Core Implementation

"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2

"{0B260C29-3298-1CF9-7705-D2CE0CF3EEDA}" = Catalyst Control Center Graphics Previews Vista

"{0CE106C1-5974-24DF-5544-1B9A34CFB44A}" = CCC Help Japanese

"{12403D69-D560-7CFD-1B29-D0A016ED4F3E}" = CCC Help Czech

"{153898EE-EECA-471E-8E33-C8485EA84C07}" = QSS Installation Program

"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn

"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite

"{2481362E-0DB2-C611-1CE7-913EE2D121CF}" = CCC Help Turkish

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22

"{26C7856A-3333-025E-C61B-50D040ED94B9}" = CCC Help Greek

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0

"{2EADADA3-FE69-14A3-CA69-AD6E9A61268B}" = CCC Help Spanish

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{31793A49-51CF-F0BB-9023-C268D517954D}" = Catalyst Control Center InstallProxy

"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3E5F5356-05F1-92BA-DBAA-0546850564BE}" = CCC Help Finnish

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software

"{4B9A5A44-2C91-4D99-55D4-3B0B71C6851D}" = CCC Help Dutch

"{55C0AE56-7D8C-063F-5535-A11C4016E798}" = CCC Help Portuguese

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver

"{69402652-9801-2A0A-EC52-E5D52AEBADCA}" = CCC Help Polish

"{6DF2D6EB-5324-D44D-BE49-6D146A67564C}" = CCC Help Thai

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{742F3959-5FD3-3CB8-B19D-E3956832543E}" = CCC Help Italian

"{8096C00D-C1C5-AD97-1726-9877BA922863}" = CCC Help French

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{9B0142B2-C2BA-7100-FB1C-CCC91D7D2DE3}" = CCC Help Norwegian

"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A7F9C3C4-28BF-71A5-6DE9-7BBEA412D9CC}" = CCC Help Danish

"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14

"{ABC887FA-1BAC-411B-9F0F-21BA16702F15}" = VideoStudio

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{AE9F0BE7-74EC-BC45-D6C4-20B5BD21FD37}" = Catalyst Control Center Graphics Full Existing

"{B0B960EE-D5FB-D534-655B-A573D431B40C}" = ccc-core-static

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B7DAD844-34CD-456B-83CC-88065323DD69}" = WordBuilder

"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C0140C26-27F0-0487-3CD8-49D04199E1BE}" = Catalyst Control Center Graphics Light

"{C2B6245D-3910-F6B6-C5E8-BBDF6E7E49ED}" = CCC Help Korean

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{D490D825-C08A-8958-6968-981FA1A0A162}" = CCC Help Chinese Standard

"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{DDB45406-BF8C-DBEE-1FBC-ED87871894E6}" = CCC Help English

"{E0C98AFA-9BF9-110D-66DE-C234661F62C7}" = CCC Help Swedish

"{E2ED293C-61AE-247E-EF42-1F68755AF431}" = CCC Help Hungarian

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E7C0B0AE-D837-FCCD-FC3A-A624F43C0470}" = CCC Help Russian

"{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}" = AMD OverDrive

"{EEBD89ED-9D0F-3DD4-6F93-B00916CD75C1}" = Catalyst Control Center Localization All

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F30F3A63-0DF7-42F7-F96F-A6AFAE169802}" = CCC Help Chinese Traditional

"{F489EF66-FFEC-19DF-E81E-D0A342A77EA9}" = CCC Help German

"{F6121A6C-FA0A-4C6E-9033-E92AD0421A2E}" = WordBuilder

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{FC89F76A-4183-9A44-B4D2-B82467D3562A}" = Catalyst Control Center Graphics Full New

"{FDC2C630-7CDF-45EB-9C5C-69CB30D75C80}" = Catalyst Control Center Graphics Previews Common

"AbiWord2" = AbiWord 2.6.8

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ASIO4ALL" = ASIO4ALL

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Drumaxx" = Drumaxx

"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition

"East West Symphonic Choirs" = East West Symphonic Choirs

"eLicenser Control" = eLicenser Control

"FinalTorrent_is1" = FinalTorrent 2010

"FL Studio 9" = FL Studio 9

"FL Studio_is1" = FL Studio v7.0

"FrostWire" = FrostWire 4.21.1

"Hardcore" = Hardcore

"IL Download Manager" = IL Download Manager

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{ABC887FA-1BAC-411B-9F0F-21BA16702F15}" = Ulead VideoStudio 11 SE DVD

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PoiZone" = PoiZone

"Sakura" = Sakura

"Sawer" = Sawer

"Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0

"SystemRequirementsLab" = System Requirements Lab

"Toxic Biohazard" = Toxic Biohazard

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinGimp-2.0_is1" = GIMP 2.6.11

"ZOTAC FireStorm" = ZOTAC FireStorm

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 21/11/2010 5:57:08 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 24/11/2010 3:40:28 AM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 24/11/2010 3:40:29 AM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 25/11/2010 2:47:07 AM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 25/11/2010 2:47:07 AM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 26/11/2010 2:05:05 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 26/11/2010 2:05:05 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 27/11/2010 7:56:47 PM | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error

in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line

8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/11/2010 8:03:04 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

Error - 27/11/2010 8:03:04 PM | Computer Name = Sandra-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()

failed. System Error: 0xC0000039 (unresolvable).

[ System Events ]

Error - 29/11/2010 10:59:11 AM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 29/11/2010 11:56:54 AM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 29/11/2010 4:15:03 PM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 29/11/2010 4:37:34 PM | Computer Name = Sandra-PC | Source = BROWSER | ID = 8032

Description =

Error - 29/11/2010 5:52:16 PM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 30/11/2010 1:03:35 AM | Computer Name = Sandra-PC | Source = BROWSER | ID = 8032

Description =

Error - 30/11/2010 1:10:27 AM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 30/11/2010 3:31:26 AM | Computer Name = Sandra-PC | Source = bowser | ID = 8003

Description =

Error - 30/11/2010 3:34:55 AM | Computer Name = Sandra-PC | Source = BROWSER | ID = 8032

Description =

Error - 30/11/2010 2:15:56 PM | Computer Name = Sandra-PC | Source = BROWSER | ID = 8032

Description =

< End of report >

****************************************

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x000007bc

Kernel Drivers (total 205):

0x03055000 \SystemRoot\system32\ntoskrnl.exe

0x0300C000 \SystemRoot\system32\hal.dll

0x00B99000 \SystemRoot\system32\kdcom.dll

0x00CF7000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00D04000 \SystemRoot\system32\PSHED.dll

0x00D18000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00EE6000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F8A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F99000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FF0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys

0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys

0x00E5F000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E74000 \SystemRoot\System32\drivers\volmgrx.sys

0x00ED0000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00CC0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00CD0000 \SystemRoot\system32\DRIVERS\jraid.sys

0x00D76000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x00DA5000 \SystemRoot\System32\drivers\mountmgr.sys

0x00ED7000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00DBF000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00DE9000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x010D6000 \SystemRoot\system32\drivers\fltmgr.sys

0x01122000 \SystemRoot\system32\drivers\fileinfo.sys

0x0121B000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01136000 \SystemRoot\System32\Drivers\msrpc.sys

0x013BE000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x013D8000 \SystemRoot\System32\drivers\pcw.sys

0x013E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01438000 \SystemRoot\system32\drivers\ndis.sys

0x0152A000 \SystemRoot\system32\drivers\NETIO.SYS

0x0158A000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01601000 \SystemRoot\System32\drivers\tcpip.sys

0x015B5000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01400000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x01410000 \SystemRoot\System32\Drivers\spldr.sys

0x01194000 \SystemRoot\System32\drivers\rdyboost.sys

0x01418000 \SystemRoot\System32\Drivers\mup.sys

0x0142A000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01859000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01893000 \SystemRoot\system32\DRIVERS\disk.sys

0x018A9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x018D9000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

0x01917000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01941000 \SystemRoot\system32\DRIVERS\CLBStor.sys

0x0194B000 \SystemRoot\System32\Drivers\Null.SYS

0x01954000 \SystemRoot\System32\Drivers\Beep.SYS

0x0195B000 \SystemRoot\System32\drivers\vga.sys

0x01969000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0198E000 \SystemRoot\System32\drivers\watchdog.sys

0x0199E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x019A7000 \SystemRoot\system32\drivers\rdpencdd.sys

0x019B0000 \SystemRoot\system32\drivers\rdprefmp.sys

0x019B9000 \SystemRoot\System32\Drivers\Msfs.SYS

0x019C4000 \SystemRoot\System32\Drivers\Npfs.SYS

0x019D5000 \SystemRoot\system32\DRIVERS\tdx.sys

0x019F3000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02C9E000 \SystemRoot\system32\drivers\afd.sys

0x02D28000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02D6D000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02D76000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02D9C000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02DB2000 \SystemRoot\system32\DRIVERS\jswpslwfx.sys

0x02DBF000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02DCE000 \SystemRoot\system32\DRIVERS\serial.sys

0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02C1B000 \SystemRoot\system32\DRIVERS\termdd.sys

0x02C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02C80000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02C8C000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x02DEB000 \SystemRoot\System32\drivers\discache.sys

0x03C05000 \SystemRoot\system32\drivers\csc.sys

0x03C88000 \SystemRoot\System32\Drivers\dfsc.sys

0x03CA6000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03CB7000 \SystemRoot\system32\DRIVERS\avipbb.sys

0x03CD9000 \SystemRoot\SysWow64\drivers\AsUpIO.sys

0x03CDF000 \SystemRoot\SysWow64\drivers\AsIO.sys

0x03CE5000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03D0B000 \SystemRoot\system32\DRIVERS\amdppm.sys

0x03D20000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x04876000 \SystemRoot\system32\DRIVERS\atipmdag.sys

0x04ED1000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04846000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04FC5000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x04FF5000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03D54000 \SystemRoot\system32\DRIVERS\usbfilter.sys

0x0486A000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x03D61000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x03DB7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03DC8000 \SystemRoot\system32\DRIVERS\serenum.sys

0x04FF7000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x04291000 \SystemRoot\system32\DRIVERS\athrx.sys

0x04200000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x01800000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x0423E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x04247000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x04257000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x0426D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03DD4000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x011CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03DE0000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x052B1000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x052D2000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x052EC000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x052F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x05306000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x05315000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05317000 \SystemRoot\system32\DRIVERS\ks.sys

0x0535A000 \SystemRoot\system32\DRIVERS\umbus.sys

0x0536C000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x05384000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x053DE000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05200000 \SystemRoot\system32\drivers\HdAudio.sys

0x0525C000 \SystemRoot\system32\drivers\portcls.sys

0x06A1A000 \SystemRoot\system32\drivers\drmk.sys

0x06A3C000 \SystemRoot\system32\drivers\ksthunk.sys

0x06CF3000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x000A0000 \SystemRoot\System32\win32k.sys

0x06F1A000 \SystemRoot\System32\drivers\Dxapi.sys

0x06F26000 \SystemRoot\System32\Drivers\crashdmp.sys

0x06F34000 \SystemRoot\system32\DRIVERS\monitor.sys

0x06F42000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x06F4E000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x06F57000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x06F6A000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06F87000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x06FA2000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x06FB0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x06FC9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x06FD2000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0x06FE4000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x06FF2000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x06C00000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0x00480000 \SystemRoot\System32\TSDDD.dll

0x06C13000 \SystemRoot\system32\drivers\luafv.sys

0x06C36000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0x06C53000 \SystemRoot\system32\drivers\WudfPf.sys

0x06C74000 \SystemRoot\System32\Drivers\CLBUDF.SYS

0x00720000 \SystemRoot\System32\cdd.dll

0x06CDC000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x06A42000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x06A95000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x06AA8000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x06AC0000 \SystemRoot\system32\drivers\HTTP.sys

0x06B88000 \SystemRoot\system32\DRIVERS\bowser.sys

0x06BA6000 \SystemRoot\System32\drivers\mpsdrv.sys

0x06BBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x072B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x072FF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x07322000 \SystemRoot\system32\drivers\peauth.sys

0x073C8000 \SystemRoot\System32\Drivers\secdrv.SYS

0x073D3000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x07200000 \SystemRoot\System32\drivers\tcpipreg.sys

0x07212000 \??\D:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl

0x0723D000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07A65000 \SystemRoot\System32\DRIVERS\srv.sys

0x07AFB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x07B2C000 \??\D:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys

0x07BA6000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x76E70000 \Windows\System32\ntdll.dll

0x47F10000 \Windows\System32\smss.exe

0xFF190000 \Windows\System32\apisetschema.dll

0xFFA30000 \Windows\System32\autochk.exe

0xFF0A0000 \Windows\System32\advapi32.dll

0xFEE90000 \Windows\System32\ole32.dll

0xFEE10000 \Windows\System32\difxapi.dll

0xFED70000 \Windows\System32\clbcatq.dll

0xFEC60000 \Windows\System32\msctf.dll

0xFEBC0000 \Windows\System32\comdlg32.dll

0xFE960000 \Windows\System32\iertutil.dll

0xFE890000 \Windows\System32\usp10.dll

0xFE870000 \Windows\System32\imagehlp.dll

0xFE820000 \Windows\System32\ws2_32.dll

0xFE740000 \Windows\System32\oleaut32.dll

0x76D70000 \Windows\System32\user32.dll

0xFE6D0000 \Windows\System32\gdi32.dll

0xFE4F0000 \Windows\System32\setupapi.dll

0x77040000 \Windows\System32\normaliz.dll

0xFE4C0000 \Windows\System32\imm32.dll

0xFE4B0000 \Windows\System32\lpk.dll

0xFE330000 \Windows\System32\urlmon.dll

0xFD5A0000 \Windows\System32\shell32.dll

0xFD590000 \Windows\System32\nsi.dll

0x76C50000 \Windows\System32\kernel32.dll

0xFD4F0000 \Windows\System32\msvcrt.dll

0xFD4A0000 \Windows\System32\Wldap32.dll

0x77030000 \Windows\System32\psapi.dll

0xFD480000 \Windows\System32\sechost.dll

0xFD400000 \Windows\System32\shlwapi.dll

0xFD2D0000 \Windows\System32\rpcrt4.dll

0xFD1A0000 \Windows\System32\wininet.dll

0xFD160000 \Windows\System32\cfgmgr32.dll

0xFCFF0000 \Windows\System32\crypt32.dll

0xFCFB0000 \Windows\System32\wintrust.dll

0xFCF90000 \Windows\System32\devobj.dll

0xFCF20000 \Windows\System32\KernelBase.dll

0xFCE80000 \Windows\System32\comctl32.dll

0xFCE70000 \Windows\System32\msasn1.dll

0x75C20000 \Windows\SysWOW64\normaliz.dll

Processes (total 76):

0 System Idle Process

4 System

296 C:\Windows\System32\smss.exe

444 csrss.exe

516 C:\Windows\System32\wininit.exe

548 csrss.exe

572 C:\Windows\System32\services.exe

592 C:\Windows\System32\lsass.exe

600 C:\Windows\System32\lsm.exe

700 C:\Windows\System32\svchost.exe

800 C:\Windows\System32\nvvsvc.exe

844 C:\Windows\System32\svchost.exe

904 C:\Windows\System32\atiesrxx.exe

960 C:\Windows\System32\winlogon.exe

1004 C:\Windows\System32\svchost.exe

132 C:\Windows\System32\svchost.exe

452 C:\Windows\System32\svchost.exe

1072 C:\Windows\System32\svchost.exe

1192 C:\Windows\System32\svchost.exe

1316 C:\Windows\System32\atieclxx.exe

1340 D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1460 C:\Windows\System32\spoolsv.exe

1488 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

1520 C:\Windows\System32\svchost.exe

1628 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

1680 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

1712 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1772 C:\Windows\System32\svchost.exe

1796 C:\Program Files (x86)\TP-LINK\QSS\jswpbapi.exe

1844 C:\Windows\System32\taskhost.exe

1884 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2020 C:\Windows\System32\taskeng.exe

2036 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

648 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

1120 C:\Windows\System32\conhost.exe

1996 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

1220 C:\Windows\System32\dwm.exe

2120 C:\Windows\explorer.exe

2316 C:\Windows\DAODx.exe

2420 D:\Spybot - Search & Destroy\SDWinSec.exe

2528 D:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

2596 D:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

2784 D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2792 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

2800 D:\Spybot - Search & Destroy\TeaTimer.exe

2848 C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe

2868 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

2924 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

2992 D:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

2092 D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

2632 D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

3068 C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

2128 C:\Program Files (x86)\QuickTime\qttask.exe

336 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

440 D:\Program Files (x86)\MultiScreen\MultiScreen.exe

3104 D:\Program Files (x86)\ASUS\QFan4\FanHelp.exe

3112 D:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe

3128 C:\Program Files (x86)\ASUS\EPU\EPU.exe

3136 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

3192 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

3296 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

3832 WUDFHost.exe

2808 C:\Windows\System32\SearchIndexer.exe

3208 WmiPrvSE.exe

3708 C:\Program Files\Windows Media Player\wmpnetwk.exe

3868 D:\Program Files (x86)\Mozilla Firefox\firefox.exe

4188 C:\Windows\System32\svchost.exe

4784 C:\Windows\System32\notepad.exe

3792 C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe

3428 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

1964 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

1900 C:\Windows\System32\audiodg.exe

5008 dllhost.exe

3424 dllhost.exe

1940 C:\Users\Sandra\Desktop\MBRCheck.exe

4308 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: MushkinMKNSSDCL40GB-DX, Rev: 320A13F0

PhysicalDrive0 Model Number: WDCWD3000HLFS-01G6U3, Rev: 04.04V05

Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive1 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

279 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

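The MBRCheck output above comes down to two checks per disk: the first sector ends in the 0x55AA boot signature, and the boot code hashes to a value seen on a known-good Windows 7 install (both disks here report the same SHA1, which is what you expect when the same installer wrote both). The script below is an added example, not MBRCheck's own code: it parses a 512-byte MBR, hashes the bootstrap bytes, and decodes the partition table so the byte offsets can be compared with the `\\.\C:` and `\\.\D:` lines above. The sample sector is constructed inline, the known-hash table is seeded from that sample, and the hashed range (bytes 0 through 439, everything before the disk signature) is this script's choice, not necessarily the range MBRCheck hashes.

```python
"""MBR parse-and-fingerprint check (added example, not MBRCheck's own code)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440       # bytes 440..443 hold the disk signature, 444..445 are reserved
PART_TABLE_OFFSET = 446   # four 16-byte partition entries, then 0x55AA at 510..511
PART_ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector):
    """Decode one 512-byte MBR; raises ValueError if the boot signature is missing."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, sectors = struct.unpack(PART_ENTRY, sector[start:start + 16])
        if ptype == 0:        # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,    # 0x07 = NTFS/exFAT
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def build_sample_mbr():
    """Constructed sample: a few plausible boot-code bytes padded with NOPs, then one
    bootable NTFS partition at LBA 2048 (byte offset 0x100000, as in the log above)."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_END, b"\x90")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    table = struct.pack(PART_ENTRY, 0x80, 0x07, 2048, 77_000_000) + b"\x00" * 48
    sector = boot_code + disk_sig + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


SAMPLE_MBR = build_sample_mbr()

# Reference table of boot-code hashes. Seeded here from the constructed sample only;
# a real table would hold hashes taken from clean installs of each Windows version.
KNOWN_BOOT_CODE_SHA1 = {
    hashlib.sha1(SAMPLE_MBR[:BOOT_CODE_END]).hexdigest().upper(): "Windows 7 (constructed sample)",
}


def classify_mbr(sector, known=KNOWN_BOOT_CODE_SHA1):
    """Parse the sector and label it the way the MBRCheck output does."""
    info = parse_mbr(sector)
    label = known.get(info["boot_code_sha1"])
    info["status"] = ("%s MBR code detected" % label) if label \
        else "UNKNOWN MBR code: compare against a clean reference image"
    return info


def read_mbr(device_path):
    """Read the first sector of a raw device; needs an elevated prompt (admin/root)."""
    # e.g. read_mbr(r"\\.\PhysicalDrive0") on Windows, read_mbr("/dev/sda") on Linux
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    result = classify_mbr(SAMPLE_MBR)
    print(result["status"], "SHA1:", result["boot_code_sha1"])
    for p in result["partitions"]:
        print("  partition %d type 0x%02X at byte offset 0x%X, bootable=%s"
              % (p["index"], p["type"], p["byte_offset"], p["bootable"]))
```

Against a real machine, call `read_mbr()` on each physical drive from an elevated prompt and pass the sector to `classify_mbr()`. A hash that is not in the table is not proof of infection, only a prompt to diff the boot code against a clean reference image from the same Windows version; a partition whose byte offset does not match what the volume manager reports is the more interesting finding.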

That's a malicious Firefox add-on. We'll remove it with the following script. Let me know how things are afterwards.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL from the icon on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - prefs.js..extensions.enabledItems: {129c29a9-e004-4049-854e-b1aa163274c3}:1.0
    [2010/11/21 13:25:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

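The OTL fix above undoes two things at once: the add-on's entry in the profile's prefs.js (`extensions.enabledItems`) and its folder under the profile's extensions directory. The script below is added here and is not OTL's or the poster's code. It reads those same two locations and flags every enabled extension that is not on an allowlist, reporting its install.rdf name and any .jar files in its chrome folder (the folder where the ESET scan later in this thread found xulcache.jar). The profile it audits is constructed in a temporary directory for the demo, and the Java Console extension ID used for the allowlist is an assumption, not something the thread shows.

```python
"""Audit which extensions a Firefox 3.x profile will load (added example, not OTL's code)."""
import os
import re
import tempfile

# Matches: user_pref("extensions.enabledItems", "{id}:version,{id}:version");
ENABLED_ITEMS_RE = re.compile(r'user_pref\("extensions\.enabledItems",\s*"([^"]*)"\);')

ROGUE_ID = "{129c29a9-e004-4049-854e-b1aa163274c3}"         # the ID the OTL fix above removed
JAVA_CONSOLE_ID = "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"  # assumed ID for the Java 6u22 Console add-on


def parse_enabled_items(prefs_text):
    """Return {extension_id: version} from the extensions.enabledItems pref, or {} if unset."""
    match = ENABLED_ITEMS_RE.search(prefs_text)
    if not match:
        return {}
    items = {}
    for entry in match.group(1).split(","):
        if entry:
            # split on the last ':' so a version such as 1.0 is separated from the ID
            ext_id, _, version = entry.rpartition(":")
            items[ext_id] = version
    return items


def extension_name(ext_dir):
    """Best-effort <em:name> from install.rdf, None if the file is missing."""
    rdf = os.path.join(ext_dir, "install.rdf")
    if not os.path.isfile(rdf):
        return None
    with open(rdf, encoding="utf-8", errors="replace") as fh:
        match = re.search(r"<em:name>([^<]*)</em:name>", fh.read())
    return match.group(1).strip() if match else None


def audit_profile(profile_dir, allowlist):
    """Flag every enabled extension not in allowlist, with what its chrome/ folder holds."""
    with open(os.path.join(profile_dir, "prefs.js"), encoding="utf-8", errors="replace") as fh:
        enabled = parse_enabled_items(fh.read())
    findings = []
    for ext_id, version in sorted(enabled.items()):
        if ext_id in allowlist:
            continue
        ext_dir = os.path.join(profile_dir, "extensions", ext_id)
        chrome_dir = os.path.join(ext_dir, "chrome")
        jars = []
        if os.path.isdir(chrome_dir):
            jars = sorted(f for f in os.listdir(chrome_dir) if f.lower().endswith(".jar"))
        findings.append({
            "id": ext_id,
            "version": version,
            "name": extension_name(ext_dir),
            "on_disk": os.path.isdir(ext_dir),
            "chrome_jars": jars,
        })
    return findings


def build_demo_profile():
    """Constructed profile: the assumed Java Console add-on plus the rogue one from the thread."""
    root = tempfile.mkdtemp(prefix="ff-profile-")
    with open(os.path.join(root, "prefs.js"), "w", encoding="utf-8") as fh:
        fh.write("# Mozilla User Preferences\n")
        fh.write('user_pref("browser.startup.homepage", "about:home");\n')
        fh.write('user_pref("extensions.enabledItems", "%s:6.0.22,%s:1.0");\n' % (JAVA_CONSOLE_ID, ROGUE_ID))
    for ext_id in (JAVA_CONSOLE_ID, ROGUE_ID):
        os.makedirs(os.path.join(root, "extensions", ext_id, "chrome"))
    rogue = os.path.join(root, "extensions", ROGUE_ID)
    os.makedirs(os.path.join(rogue, "defaults", "preferences"))
    with open(os.path.join(rogue, "chrome", "xulcache.jar"), "wb") as fh:
        fh.write(b"PK\x05\x06" + b"\x00" * 18)   # empty zip archive standing in for the real jar
    with open(os.path.join(rogue, "install.rdf"), "w", encoding="utf-8") as fh:
        fh.write("<RDF><Description><em:name>XUL Cache</em:name></Description></RDF>\n")
    return root


def demo_audit():
    """Run the audit against the constructed profile; only the rogue add-on should come back."""
    return audit_profile(build_demo_profile(), allowlist={JAVA_CONSOLE_ID})


if __name__ == "__main__":
    for finding in demo_audit():
        print("%(id)s v%(version)s name=%(name)r on_disk=%(on_disk)s chrome_jars=%(chrome_jars)s" % finding)
```

To use it on a real machine, point `audit_profile()` at the profile directory (on Windows 7, under `C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\`) with the IDs of the add-ons you installed yourself as the allowlist. An enabled GUID you cannot account for deserves the same treatment the OTL fix gave this one, and the .jar listing tells you which file to submit to a scanner.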

Hello Elise,

Thank you for your quick reply. I've run the script and here is the report. How does this malicious add-on add itself? This computer is relatively new and I've only added the Java Console and a homepage tab (from Mozilla). How can I prevent this from happening again?

All processes killed

========== OTL ==========

Prefs.js: {129c29a9-e004-4049-854e-b1aa163274c3}:1.0 removed from extensions.enabledItems

C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}\defaults\preferences folder moved successfully.

C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}\defaults folder moved successfully.

C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}\chrome folder moved successfully.

C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3} folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Sandra

->Temp folder emptied: 1022466 bytes

->Temporary Internet Files folder emptied: 52675955 bytes

->Java cache emptied: 37877955 bytes

->FireFox cache emptied: 64676579 bytes

->Flash cache emptied: 117309 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17873280 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 465804274 bytes

Total Files Cleaned = 610.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11302010_115737

Files\Folders moved on Reboot...

C:\Users\Sandra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Hi again, for one I see some P2P software on your computer, which is one of the main sources of malware.

P2P WARNING

-------------------

Going over your logs I noticed that you have FrostWire and FinalTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm


Thank you Elise. I have removed both applications from this computer, updated and run MBAM, and tried out 12 consecutive Firefox searches with no redirect. Here is the log.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5214

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/11/2010 1:20:18 PM

mbam-log-2010-11-30 (13-20-18).txt

Scan type: Full scan (C:\|)

Objects scanned: 225135

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I'm glad to hear everything is okay now. ;) Let's do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on Download ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
  4. Check the box accepting the Terms of Use.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push List of found threats.
  11. Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the Back button.
  13. Push Finish.


Hello Elise,

Here is the result of the ESET scan

C:\_OTL\MovedFiles\11302010_115737\C_Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2p3oy7oh.default\extensions\{129c29a9-e004-4049-854e-b1aa163274c3}\chrome\xulcache.jar JS/Agent.NCP trojan deleted - quarantined


Hi again, that looks all clean. ;)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :D

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will remove the logs and tools we used.

Please read the following advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Thank you, everything seems to be back to normal based on my usage so far. I'm glad you are here to help and I will be sure to follow the suggestions. Take care.
