Redirects > Trojan

[zube]

Hi,

THank you for any help you can give me. Ive been having a problem when searching on yahoo search and clicking links, sometimes (not all the time) it will take me to a page that has nothing to do with the search result find, when i click on the link. I first noticed the problem on July 4th, so i ran MBAM and i will post that log further below, however, once it rebooted, i got a message that it couldnt find something it was looking for, even though the logs say it was deleted. I scanned again and now it cannot find any problems, however, i still get redirected on links, again, its not everytime. Ive ran online scanners and cant find anything. So, im posting my original mbam log from that day, and all other scans ive started today. Im hoping someone can look and see if there is still a problem. I did recieve a email from my ISP yesterday, saying that my machine was infected with a BOT, so im guessing i didnt kill this thing. Oh, GMER didnt find anything either, so i wont be attaching that file.

THank you for any help.

MBAM LOG 7/4/2011

..................

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7018

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

7/4/2011 10:04:08 AM

mbam-log-2011-07-04 (10-04-08).txt

Scan type: Quick scan

Objects scanned: 180325

Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Mike\AppData\Local\KBDMTi.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Users\Mike\AppData\Local\erigibux.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ywuzilaquvacax (Trojan.Hiloti) -> Value: Ywuzilaquvacax -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Myemetukopib (Trojan.Agent.U) -> Value: Myemetukopib -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Mike\AppData\Local\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\oeaF079.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

c:\Windows\Temp\oeaF099.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

c:\Users\Mike\local settings\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Mike\local settings\application data\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Local\erigibux.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

DDS TXT 7/17/2011

..................

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Run by Mike at 9:17:54 on 2011-07-17

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4774 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

uRun: [AdobeBridge] <no file>

mRun: [NWEReboot] <no file>

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DHCPNameServer = 68.87.75.198 68.87.64.150

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: XULRunner: {D83964CE-3243-438C-8BBB-6D685E628C6C} - C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-11-5 33800]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920]

S3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2009-5-28 13824]

S3 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-5-30 19432]

S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-6-27 12744]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088]

S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-9 341856]

S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-9 4162784]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 27648]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-4-6 27160]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 9:18:15.06 ===============

attach.txt

[aliB]

hi

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

• Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  
• Please do not do anything or perform other steps unless I have asked you to do so.
  
• Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Select All Users
  
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs
    

Things I would like to see in your reply:

• aswMBR log
  
• OTL.txt and Extras.txt

[zube]

Hi aliB, thank you for helping me.

I tried to run aswMBR.exe and it gave me a BSOD, i rebooted and tried again and it still gave me a BSOD without ever starting. I am running vista 64bit if that has anything to do with it, not sure.

So i ran OTL and here are the 2 logs from its scan.

OTL logfile created on: 7/17/2011 4:39:42 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 79.70% Memory free

12.09 Gb Paging File | 10.97 Gb Available in Paging File | 90.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.17 Gb Total Space | 244.89 Gb Free Space | 82.69% Space Free | Partition Type: NTFS

Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS

Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

PRC - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/02/27 17:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe Reader\Reader\reader_sl.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/06/01 13:14:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/07/13 16:57:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/01 13:14:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)

DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)

DRV:64bit: - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)

DRV:64bit: - [2009/04/06 14:19:46 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)

DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/02/15 23:11:48 | 000,337,560 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)

DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)

DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)

DRV - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

DRV - [2001/01/04 10:12:42 | 000,162,900 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBICP.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.03

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {D83964CE-3243-438C-8BBB-6D685E628C6C}:1.9.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/14 09:56:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 09:34:49 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D83964CE-3243-438C-8BBB-6D685E628C6C}: C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\ [2011/07/04 08:12:00 | 000,000,000 | ---D | M]

[2010/10/23 11:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions

[2009/06/01 12:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2011/07/04 09:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions

[2011/01/13 17:43:43 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010/11/19 09:36:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/13 07:23:54 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2010/11/19 09:36:20 | 000,000,000 | ---D | M] (Eraser) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\Eraser@vikram

[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/07/04 08:12:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MIKE\APPDATA\LOCAL\{D83964CE-3243-438C-8BBB-6D685E628C6C}

[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/05 09:34:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/08/30 14:21:45 | 000,000,771 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000..\Run: [WMPNSCFG] File not found

O4 - HKLM..\RunOnceEx: [] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/23 15:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{b2e602a0-ebd1-11de-9e7b-00248c25f9ba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent

O33 - MountPoints2\{e42b15ec-4a0d-11de-998b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{e42b15ec-4a0d-11de-998b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010/09/17 23:01:31 | 000,349,520 | R--- | M] (Valve Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 16:33:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

[2011/07/17 16:32:13 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2011/07/17 09:04:26 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2011/07/04 08:12:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}

[2011/07/04 06:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2011/07/04 06:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 16:42:52 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/17 16:42:52 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/17 16:42:52 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/17 16:37:42 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/07/17 16:37:41 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/07/17 16:37:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/17 16:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/17 16:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/17 16:37:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/17 16:37:11 | 447,573,097 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

[2011/07/17 16:32:39 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2011/07/17 16:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/17 11:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2011/07/17 09:17:10 | 000,000,000 | ---- | M] () -- C:\Users\Mike\defogger_reenable

[2011/07/17 09:04:42 | 000,302,592 | ---- | M] () -- C:\Users\Mike\Desktop\6sye35yx.exe

[2011/07/17 09:04:10 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2011/07/17 08:58:33 | 000,050,477 | ---- | M] () -- C:\Users\Mike\Desktop\Defogger.exe

[2011/07/16 12:35:31 | 000,350,197 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml

[2011/07/16 12:11:06 | 000,729,742 | ---- | M] () -- C:\Users\Mike\AppData\Local\census.cache

[2011/07/16 12:11:03 | 000,190,153 | ---- | M] () -- C:\Users\Mike\AppData\Local\ars.cache

[2011/07/15 07:33:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/04 09:10:21 | 000,036,352 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/04 08:12:01 | 000,000,120 | ---- | M] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat

[2011/07/04 08:12:01 | 000,000,000 | ---- | M] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin

[2011/07/04 07:06:04 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 09:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Mike\defogger_reenable

[2011/07/17 09:04:57 | 000,302,592 | ---- | C] () -- C:\Users\Mike\Desktop\6sye35yx.exe

[2011/07/17 09:04:28 | 000,050,477 | ---- | C] () -- C:\Users\Mike\Desktop\Defogger.exe

[2011/07/12 10:42:18 | 000,729,742 | ---- | C] () -- C:\Users\Mike\AppData\Local\census.cache

[2011/07/12 10:42:09 | 000,190,153 | ---- | C] () -- C:\Users\Mike\AppData\Local\ars.cache

[2011/07/04 08:12:01 | 000,000,120 | ---- | C] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat

[2011/07/04 08:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin

[2011/05/10 15:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\{02BEBAB3-0F94-479B-A240-33B2C6DA6E2F}

[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2010/08/29 10:43:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/09 14:35:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/04/09 14:35:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/04/09 14:34:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/04/09 14:34:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/03/26 15:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2010/03/13 09:55:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/02/19 08:59:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/11/05 09:25:03 | 000,000,036 | ---- | C] () -- C:\Users\Mike\AppData\Local\housecall.guid.cache

[2009/10/06 08:36:49 | 000,000,127 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\default.rss

[2009/06/06 09:35:17 | 000,017,043 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\UserTile.png

[2009/06/01 09:42:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/05/30 14:26:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/05/30 11:04:06 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2009/05/29 14:53:53 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/05/29 14:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 06:47:03 | 000,036,352 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/28 22:24:00 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2009/05/28 22:23:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2009/05/28 22:23:59 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini

[2009/05/28 14:26:31 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/05/28 14:23:09 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 22:48:34 | 004,495,360 | ---- | C] () -- C:\Windows\SysWow64\NlsData001d.dll

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/05/31 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems

[2011/07/04 07:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Any Video Converter

[2009/05/28 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ashampoo

[2011/07/04 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited

[2009/06/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/05 08:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FrostWire

[2009/12/27 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GARMIN

[2009/11/22 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ

[2010/03/20 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech

[2010/09/12 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NCH Swift Sound

[2011/03/05 09:36:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org

[2009/06/06 09:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PeerNetworking

[2009/11/05 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Screaming Bee

[2009/08/23 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\System Requirements Lab BETA

[2009/10/23 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SystemRequirementsLab

[2011/07/12 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent

[2010/03/14 08:32:34 | 000,000,000 | ---D | M] -- C:\Users\Ty\AppData\Roaming\ACD Systems

[2011/07/17 11:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

[2011/07/17 13:43:02 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe

[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/01/20 22:49:20 | 000,192,512 | ---- | M] (Microsoft Corporation) MD5=77CC24684975AB1CF4C2C43D836C675C -- C:\Windows\SysNative\explorer.exe

[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe

[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe

[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:7B568E0CF4077A80

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

AND

OTL Extras logfile created on: 7/17/2011 4:39:42 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 79.70% Memory free

12.09 Gb Paging File | 10.97 Gb Available in Paging File | 90.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.17 Gb Total Space | 244.89 Gb Free Space | 82.69% Space Free | Partition Type: NTFS

Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS

Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "F:\Program Files\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "F:\Program Files\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "F:\Program Files\WinAmp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "F:\Program Files\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "F:\Program Files\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "F:\Program Files\WinAmp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 09 74 E1 30 16 D8 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4221219837-760294012-3936320173-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4221219837-760294012-3936320173-1001]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E8F884E-B700-4439-A486-7BB4D9892EAC}" = lport=18395 | protocol=17 | dir=in | name=bf |

"{10823E7D-2B59-4AD5-983C-5472087EC6D4}" = lport=13505 | protocol=17 | dir=in | name=bf |

"{27FC817E-C73A-42B3-B41E-579862873C0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{480C6F6B-09D2-4C9D-8877-4672F7273114}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6460CE12-B7AC-4DF8-903A-8B7C11A8A83D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{851AFFEC-2511-4D64-A76C-9D792F357E17}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{87E93AC5-7EA4-41CE-8AE3-1BAC57855189}" = lport=80 | protocol=6 | dir=in | name=bf |

"{E5ABA048-6D18-49C3-A3A4-1C8EEBB1AA31}" = lport=18390 | protocol=17 | dir=in | name=bf |

"{F6229A1B-ABA3-48A8-9262-B35DE959E661}" = lport=18395 | protocol=6 | dir=in | name=bf |

"{FE69F787-D215-4D02-9A5E-0AAEBBA1ADC2}" = lport=18390 | protocol=6 | dir=in | name=bf |

"{FF9B88CA-27CA-4A53-9863-03BE14633D03}" = lport=13505 | protocol=6 | dir=in | name=bf |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01A07F55-24E7-45FD-81D3-0387596AE535}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{081EFDBE-FDB6-47C5-8746-5A94305A3519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{0F00C8A1-AD05-40F5-BD40-1ED8489750DF}" = protocol=6 | dir=in | app=e:\combat arms\nmservice.exe |

"{12D9552D-CE70-4CBC-83AD-98DE84E57E5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{14C9F353-AB21-4653-B954-9AB4D205BF11}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{254E488C-5DA7-4712-A69A-E9847C050CB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{28184228-F16E-46BB-876C-7A850CE972DF}" = protocol=17 | dir=in | app=e:\combat arms\nmservice.exe |

"{28579243-B467-43D5-9FCE-9AA9999AD6AB}" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{427BEFC9-99C5-499A-B08B-D1D713F0CE89}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{47EA3225-FFE9-455B-8A29-659DACC83048}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{49C04D1B-B2AC-4B0E-8E77-52232262E25F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{4FD42476-C2A9-4163-BA87-861F8BD999B1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{53A4D44D-543D-4348-A1A2-8230DD3EDF7A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |

"{5524B374-684F-4649-A980-471BF2E5D95B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{5835177D-904D-43EC-AE52-7FD53ACAD442}" = protocol=17 | dir=in | app=e:\cod4\iw3mp.exe |

"{5BE8D5DA-C944-451D-8247-53219671AA89}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |

"{69029F1A-0C98-47B8-862D-1C8B4B84590E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{6FE70E72-45BE-4DF5-9683-CC238B669F4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{7AA840EB-4582-42F5-B92B-892EB12CD7C0}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |

"{88E8C6DF-ED38-4C74-B0ED-FD8FE82E2633}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{8CF530AE-6294-4E9E-AF3C-CC5D484E486E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{974923B0-0212-497C-BA5F-04A992E65B98}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A4596682-76DF-41DE-BB77-07BCC178BDE4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{AF26EBE4-992A-4782-9EE7-D2546A4A1000}" = protocol=6 | dir=in | app=f:\program files\vent\ventrilo.exe |

"{B46220A0-6463-4957-B963-2B38D36ABDB0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{BB423D58-61C6-418A-9843-15ED73B1A3FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |

"{C874D4A2-86C2-4BBF-89C3-B498A685DDD9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{CD0DCE48-CABE-4CE9-8EB8-56B0F662F645}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D674C74B-8DCC-4163-A2C0-C8C001FFB4C5}" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{DB928591-5DF1-47CA-837D-6C8C9770F320}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{DE147C40-7B5F-4D29-B259-7C091DC324ED}" = protocol=17 | dir=in | app=f:\program files\vent\ventrilo.exe |

"{EC38F750-641C-4238-B4CB-A3903A4BE501}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{EDB7FE4D-3AC5-409F-ABF6-3A0A844BDC74}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |

"{F17599D4-64BD-4AED-89F5-7C56BDAD186D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{F299396B-C895-467F-9CB8-06BDBDC2D8B7}" = protocol=6 | dir=in | app=e:\cod4\iw3mp.exe |

"{FAFCB0EE-2A75-4E6B-AFF6-D631FDBD7894}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{FE32A8C1-2652-4DB1-8E5B-476068915026}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"SP6" = Logitech SetPoint 6.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt

"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery

"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30

"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw

"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr

"{c4bdcd59-66e3-487d-a3c4-3ac6e9140ca9}" = Nero 9 Trial

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"AC3Filter_is1" = AC3Filter 1.60b

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Any Video Converter_is1" = Any Video Converter 2.7.8

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9 BETA

"Audacity_is1" = Audacity 1.2.6

"AutoHotkey" = AutoHotkey 1.0.48.05

"CameraUserGuide-PSSX120IS" = Canon PowerShot SX120 IS Camera User Guide

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivXLand Media Subtitler" = DivXLand Media Subtitler

"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition

"DVD Shrink_is1" = DVD Shrink 3.2

"ESET Online Scanner" = ESET Online Scanner v3

"EVPmaker_is1" = EVPmaker 2.5

"Fraps" = Fraps (remove only)

"Free Internet Window Washer" = Free Internet Window Washer

"Guitar Pro 5_is1" = Guitar Pro 5.0

"GuitarSpeedTrainer_is1" = GST 2.3.8.4

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"Kremlin" = Kremlin

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14)

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"Personal Printing Guide" = Canon Personal Printing Guide

"PFPortChecker" = PFPortChecker 1.0.32

"PhotoStitch" = Canon Utilities PhotoStitch

"PROHYBRIDR" = 2007 Microsoft Office system

"PunkBusterSvc" = PunkBuster Services

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SkypePlayer" = Skype Audio Player (remove only)

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Switch" = Switch Sound File Converter

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.0.1

"Winamp" = Winamp

"Windows Live Toolbar" = Windows Live Toolbar

"Xfire" = Xfire (remove only)

"Xvid_is1" = Xvid 1.2.1 final uninstall

"ZoneAlarm Pro" = ZoneAlarm Pro

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/20/2010 5:47:44 PM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: Steam folder not found

Error - 8/20/2010 5:49:20 PM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10

Description =

Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: GetSteamInstallPath failed 2

Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: Failed to find Steam Path

Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: Steam folder not found

Error - 8/21/2010 5:08:26 AM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10

Description =

Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: GetSteamInstallPath failed 2

Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: Failed to find Steam Path

Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1

Description = Error: Steam folder not found

Error - 8/21/2010 7:02:19 AM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 7/17/2011 4:41:17 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:41:19 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:41:22 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:41:24 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:41:27 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:41:29 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:42:45 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:42:47 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:42:50 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/17/2011 4:42:52 PM | Computer Name = Mike-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

[aliB]

hi

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

[zube]

here is the report you requested.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 137):

0x0201B000 \SystemRoot\system32\ntoskrnl.exe

0x02533000 \SystemRoot\system32\hal.dll

0x0060F000 \SystemRoot\system32\kdcom.dll

0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x0064D000 \SystemRoot\system32\PSHED.dll

0x00661000 \SystemRoot\system32\CLFS.SYS

0x006BE000 \SystemRoot\system32\CI.dll

0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008F3000 \SystemRoot\system32\drivers\acpi.sys

0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00952000 \SystemRoot\system32\drivers\msisadrv.sys

0x0095C000 \SystemRoot\system32\drivers\pci.sys

0x0098C000 \SystemRoot\System32\drivers\partmgr.sys

0x009A1000 \SystemRoot\system32\drivers\volmgr.sys

0x00770000 \SystemRoot\System32\drivers\volmgrx.sys

0x009B5000 \SystemRoot\system32\drivers\pciide.sys

0x009BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x009CC000 \SystemRoot\System32\drivers\mountmgr.sys

0x009DF000 \SystemRoot\system32\drivers\pavboot64.sys

0x009EA000 \SystemRoot\system32\drivers\atapi.sys

0x007D6000 \SystemRoot\system32\drivers\ataport.SYS

0x00A0D000 \SystemRoot\system32\drivers\fltmgr.sys

0x00A54000 \SystemRoot\system32\drivers\fileinfo.sys

0x00A68000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00C01000 \SystemRoot\system32\drivers\ndis.sys

0x00AEF000 \SystemRoot\system32\drivers\msrpc.sys

0x00B3F000 \SystemRoot\system32\drivers\NETIO.SYS

0x00E02000 \SystemRoot\System32\drivers\tcpip.sys

0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01001000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01181000 \SystemRoot\system32\drivers\volsnap.sys

0x011C5000 \SystemRoot\System32\Drivers\spldr.sys

0x011CD000 \SystemRoot\System32\Drivers\mup.sys

0x00FA4000 \SystemRoot\System32\drivers\ecache.sys

0x011DF000 \SystemRoot\system32\drivers\disk.sys

0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x011F3000 \SystemRoot\system32\drivers\crcdisk.sys

0x00DE6000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x00DF2000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x00B98000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0280C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x03533000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x02203000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x022E4000 \SystemRoot\System32\drivers\watchdog.sys

0x022F4000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x02300000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x02346000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x0360B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x036F8000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x03729000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x0373B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x0374B000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x03753000 \SystemRoot\System32\Drivers\AnyDVD.sys

0x03775000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03791000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x0379A000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x02357000 \SystemRoot\system32\DRIVERS\storport.sys

0x037D3000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x023B4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x037E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03535000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x037EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x023D7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x03566000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x0357E000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03591000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x0359F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x037FC000 \SystemRoot\system32\DRIVERS\swenum.sys

0x035AB000 \SystemRoot\system32\DRIVERS\ks.sys

0x03600000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x035DF000 \SystemRoot\system32\DRIVERS\umbus.sys

0x00BAB000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04804000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04818000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x0499B000 \SystemRoot\system32\drivers\portcls.sys

0x049D6000 \SystemRoot\system32\drivers\drmk.sys

0x049F9000 \SystemRoot\system32\drivers\ksthunk.sys

0x023F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x035EF000 \SystemRoot\System32\Drivers\Null.SYS

0x035F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x009F2000 \SystemRoot\System32\drivers\vga.sys

0x04C0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x04C34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x04C3D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x04C46000 \SystemRoot\System32\Drivers\Msfs.SYS

0x04C51000 \SystemRoot\System32\Drivers\Npfs.SYS

0x04C62000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x04C6B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x04C88000 \SystemRoot\system32\DRIVERS\smb.sys

0x04CA3000 \SystemRoot\system32\drivers\afd.sys

0x04D0E000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04D52000 \SystemRoot\system32\DRIVERS\vsdatant.sys

0x04DC3000 \SystemRoot\system32\DRIVERS\pacer.sys

0x04DE1000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04E0D000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04E28000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x04E75000 \SystemRoot\system32\drivers\nsiproxy.sys

0x04E81000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0x04E8B000 \SystemRoot\System32\Drivers\dfsc.sys

0x04EA8000 \SystemRoot\system32\DRIVERS\udfs.sys

0x04EF6000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04F12000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04F14000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04F1D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04F2F000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x04F3A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04F48000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x04F54000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x04F5C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0x04F70000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x04F7B000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0x00050000 \SystemRoot\System32\win32k.sys

0x04F8F000 \SystemRoot\System32\drivers\Dxapi.sys

0x04F9B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004D0000 \SystemRoot\System32\TSDDD.dll

0x00670000 \SystemRoot\System32\cdd.dll

0x00820000 \SystemRoot\System32\ATMFD.DLL

0x04FAE000 \SystemRoot\system32\drivers\luafv.sys

0x08C02000 \SystemRoot\system32\drivers\spsys.sys

0x08C9C000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x08CB0000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x08CC8000 \SystemRoot\system32\drivers\HTTP.sys

0x08D6B000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x08D94000 \SystemRoot\system32\DRIVERS\bowser.sys

0x08DB2000 \SystemRoot\system32\drivers\mrxdav.sys

0x04FD0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x09001000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0904A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x09069000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0909B000 \SystemRoot\System32\DRIVERS\srv.sys

0x09130000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x0913B000 \SystemRoot\System32\Drivers\adfs.SYS

0x0980D000 \SystemRoot\system32\drivers\peauth.sys

0x098C3000 \SystemRoot\System32\Drivers\secdrv.SYS

0x098CE000 \SystemRoot\System32\drivers\tcpipreg.sys

0x77CA0000 \Windows\System32\ntdll.dll

Processes (total 39):

0 System Idle Process

4 System

460 C:\Windows\System32\smss.exe

528 csrss.exe

596 C:\Windows\System32\wininit.exe

612 csrss.exe

656 C:\Windows\System32\services.exe

668 C:\Windows\System32\lsass.exe

676 C:\Windows\System32\lsm.exe

704 C:\Windows\System32\winlogon.exe

892 C:\Windows\System32\svchost.exe

948 C:\Windows\System32\nvvsvc.exe

984 C:\Windows\System32\svchost.exe

320 C:\Windows\System32\svchost.exe

468 C:\Windows\System32\svchost.exe

516 C:\Windows\System32\svchost.exe

992 C:\Windows\System32\audiodg.exe

1028 C:\Windows\System32\SLsvc.exe

1100 C:\Windows\System32\nvvsvc.exe

1144 C:\Windows\System32\svchost.exe

1252 C:\Windows\System32\svchost.exe

1516 C:\Windows\System32\spoolsv.exe

1548 C:\Windows\System32\svchost.exe

1748 C:\Windows\SysWOW64\PnkBstrA.exe

2064 C:\Windows\System32\dwm.exe

2076 C:\Windows\System32\svchost.exe

2088 C:\Windows\System32\taskeng.exe

2164 C:\Windows\System32\svchost.exe

2244 C:\Windows\System32\svchost.exe

2388 C:\Windows\System32\taskeng.exe

2420 C:\Windows\System32\SearchIndexer.exe

2460 C:\Windows\explorer.exe

2920 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2468 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

2636 F:\Program Files\Adobe Reader\Reader\reader_sl.exe

2684 C:\Program Files\Logitech\SetPointG\SetPointII.exe

3692 C:\Windows\System32\SearchProtocolHost.exe

3712 C:\Windows\System32\SearchFilterHost.exe

3372 C:\Users\Mike\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007c`0ae00000 (NTFS)

\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000004a`0ae00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-00H2B0, Rev: 07.04C07

Size Device Name MBR Status

--------------------------------------------

596 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 92953A81AD1CC9184F426D1342D3BB6F9C82196A

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

[aliB]

hi

Step 1

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  Click me
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

• TDSSKiller log
  
• Combofix log

[zube]

ok, here are the 2 logs you requested.

2011/07/18 06:03:20.0206 3728 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/18 06:03:20.0596 3728 ================================================================================

2011/07/18 06:03:20.0596 3728 SystemInfo:

2011/07/18 06:03:20.0596 3728

2011/07/18 06:03:20.0596 3728 OS Version: 6.0.6002 ServicePack: 2.0

2011/07/18 06:03:20.0596 3728 Product type: Workstation

2011/07/18 06:03:20.0596 3728 ComputerName: MIKE-PC

2011/07/18 06:03:20.0596 3728 UserName: Mike

2011/07/18 06:03:20.0596 3728 Windows directory: C:\Windows

2011/07/18 06:03:20.0596 3728 System windows directory: C:\Windows

2011/07/18 06:03:20.0596 3728 Running under WOW64

2011/07/18 06:03:20.0596 3728 Processor architecture: Intel x64

2011/07/18 06:03:20.0596 3728 Number of processors: 8

2011/07/18 06:03:20.0596 3728 Page size: 0x1000

2011/07/18 06:03:20.0596 3728 Boot type: Normal boot

2011/07/18 06:03:20.0596 3728 ================================================================================

2011/07/18 06:03:21.0391 3728 Initialize success

2011/07/18 06:03:25.0400 3676 ================================================================================

2011/07/18 06:03:25.0400 3676 Scan started

2011/07/18 06:03:25.0400 3676 Mode: Manual;

2011/07/18 06:03:25.0400 3676 ================================================================================

2011/07/18 06:03:26.0243 3676 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

2011/07/18 06:03:26.0274 3676 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

2011/07/18 06:03:26.0336 3676 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2011/07/18 06:03:26.0383 3676 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2011/07/18 06:03:26.0399 3676 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2011/07/18 06:03:26.0414 3676 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2011/07/18 06:03:26.0477 3676 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys

2011/07/18 06:03:26.0508 3676 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2011/07/18 06:03:26.0524 3676 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2011/07/18 06:03:26.0555 3676 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

2011/07/18 06:03:26.0570 3676 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2011/07/18 06:03:26.0586 3676 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2011/07/18 06:03:26.0648 3676 AnyDVD (0470de8172887124b84c85e1db495efe) C:\Windows\system32\Drivers\AnyDVD.sys

2011/07/18 06:03:26.0680 3676 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2011/07/18 06:03:26.0711 3676 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2011/07/18 06:03:26.0742 3676 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/18 06:03:26.0820 3676 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

2011/07/18 06:03:26.0960 3676 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2011/07/18 06:03:26.0976 3676 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/18 06:03:26.0992 3676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/18 06:03:27.0023 3676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2011/07/18 06:03:27.0054 3676 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2011/07/18 06:03:27.0070 3676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2011/07/18 06:03:27.0085 3676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/18 06:03:27.0101 3676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2011/07/18 06:03:27.0132 3676 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2011/07/18 06:03:27.0163 3676 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/18 06:03:27.0194 3676 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/18 06:03:27.0241 3676 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

2011/07/18 06:03:27.0272 3676 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

2011/07/18 06:03:27.0304 3676 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2011/07/18 06:03:27.0319 3676 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

2011/07/18 06:03:27.0366 3676 copperhd (71879a4ab90d21bccf9e3cfcf0bb5f4a) C:\Windows\system32\drivers\copperhd.sys

2011/07/18 06:03:27.0413 3676 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys

2011/07/18 06:03:27.0460 3676 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2011/07/18 06:03:27.0538 3676 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys

2011/07/18 06:03:27.0584 3676 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

2011/07/18 06:03:27.0616 3676 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2011/07/18 06:03:27.0662 3676 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/18 06:03:27.0740 3676 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys

2011/07/18 06:03:27.0772 3676 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2011/07/18 06:03:27.0803 3676 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

2011/07/18 06:03:27.0850 3676 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/07/18 06:03:27.0959 3676 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2011/07/18 06:03:28.0006 3676 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys

2011/07/18 06:03:28.0130 3676 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2011/07/18 06:03:28.0162 3676 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

2011/07/18 06:03:28.0193 3676 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

2011/07/18 06:03:28.0208 3676 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/18 06:03:28.0224 3676 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2011/07/18 06:03:28.0255 3676 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2011/07/18 06:03:28.0286 3676 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/18 06:03:28.0318 3676 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

2011/07/18 06:03:28.0333 3676 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/18 06:03:28.0364 3676 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/18 06:03:28.0427 3676 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2011/07/18 06:03:28.0458 3676 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/18 06:03:28.0505 3676 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2011/07/18 06:03:28.0520 3676 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2011/07/18 06:03:28.0552 3676 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/18 06:03:28.0583 3676 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2011/07/18 06:03:28.0645 3676 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

2011/07/18 06:03:28.0676 3676 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2011/07/18 06:03:28.0708 3676 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/18 06:03:28.0739 3676 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2011/07/18 06:03:28.0770 3676 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2011/07/18 06:03:28.0832 3676 IntcAzAudAddService (f734f6464e8b28712a9ec9eb447c5b92) C:\Windows\system32\drivers\RTKVHD64.sys

2011/07/18 06:03:28.0864 3676 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2011/07/18 06:03:28.0879 3676 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/18 06:03:28.0926 3676 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/18 06:03:28.0957 3676 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/18 06:03:28.0988 3676 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/18 06:03:29.0004 3676 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2011/07/18 06:03:29.0035 3676 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2011/07/18 06:03:29.0066 3676 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/18 06:03:29.0082 3676 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2011/07/18 06:03:29.0113 3676 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2011/07/18 06:03:29.0129 3676 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/18 06:03:29.0300 3676 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/18 06:03:29.0378 3676 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/18 06:03:29.0394 3676 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2011/07/18 06:03:29.0456 3676 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/07/18 06:03:29.0472 3676 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/18 06:03:29.0488 3676 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/07/18 06:03:29.0519 3676 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/18 06:03:29.0550 3676 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/18 06:03:29.0566 3676 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/18 06:03:29.0581 3676 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2011/07/18 06:03:29.0597 3676 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys

2011/07/18 06:03:29.0690 3676 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys

2011/07/18 06:03:29.0768 3676 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2011/07/18 06:03:29.0800 3676 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2011/07/18 06:03:29.0831 3676 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2011/07/18 06:03:29.0846 3676 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/18 06:03:29.0862 3676 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/18 06:03:29.0878 3676 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/18 06:03:29.0878 3676 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/18 06:03:29.0909 3676 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2011/07/18 06:03:29.0909 3676 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/18 06:03:29.0940 3676 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/18 06:03:29.0956 3676 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2011/07/18 06:03:29.0987 3676 mrxsmb (49a432ddff0ee53ee33abb7ddd1c604a) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/18 06:03:30.0018 3676 mrxsmb10 (5f71620d64d28c399012b2c1b1ce82fb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/18 06:03:30.0018 3676 mrxsmb20 (37abc27460f9d532efdcc0116b7e5e48) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/18 06:03:30.0049 3676 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

2011/07/18 06:03:30.0065 3676 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2011/07/18 06:03:30.0080 3676 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2011/07/18 06:03:30.0096 3676 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2011/07/18 06:03:30.0127 3676 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/18 06:03:30.0143 3676 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/18 06:03:30.0158 3676 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2011/07/18 06:03:30.0190 3676 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2011/07/18 06:03:30.0205 3676 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/18 06:03:30.0221 3676 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2011/07/18 06:03:30.0252 3676 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys

2011/07/18 06:03:30.0268 3676 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2011/07/18 06:03:30.0424 3676 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/18 06:03:30.0564 3676 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2011/07/18 06:03:30.0595 3676 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/18 06:03:30.0626 3676 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/18 06:03:30.0642 3676 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/18 06:03:30.0658 3676 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2011/07/18 06:03:30.0704 3676 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/18 06:03:30.0720 3676 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/18 06:03:30.0751 3676 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2011/07/18 06:03:30.0798 3676 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2011/07/18 06:03:30.0829 3676 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/18 06:03:30.0860 3676 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2011/07/18 06:03:30.0892 3676 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2011/07/18 06:03:31.0422 3676 nvlddmkm (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/07/18 06:03:31.0547 3676 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2011/07/18 06:03:31.0578 3676 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2011/07/18 06:03:31.0609 3676 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2011/07/18 06:03:31.0656 3676 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/07/18 06:03:31.0703 3676 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2011/07/18 06:03:31.0718 3676 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2011/07/18 06:03:31.0750 3676 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys

2011/07/18 06:03:31.0796 3676 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2011/07/18 06:03:31.0812 3676 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

2011/07/18 06:03:31.0828 3676 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2011/07/18 06:03:31.0859 3676 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2011/07/18 06:03:31.0952 3676 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/18 06:03:31.0968 3676 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2011/07/18 06:03:32.0015 3676 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/18 06:03:32.0046 3676 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2011/07/18 06:03:32.0108 3676 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2011/07/18 06:03:32.0124 3676 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/18 06:03:32.0140 3676 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/18 06:03:32.0155 3676 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/18 06:03:32.0186 3676 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/18 06:03:32.0186 3676 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/18 06:03:32.0218 3676 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/18 06:03:32.0233 3676 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/18 06:03:32.0264 3676 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2011/07/18 06:03:32.0264 3676 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/18 06:03:32.0311 3676 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2011/07/18 06:03:32.0374 3676 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/18 06:03:32.0405 3676 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys

2011/07/18 06:03:32.0436 3676 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/18 06:03:32.0483 3676 ScreamBAudioSvc (e03b9294a9b70a214328b2b518f20db0) C:\Windows\system32\drivers\ScreamingBAudio64.sys

2011/07/18 06:03:32.0498 3676 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/18 06:03:32.0514 3676 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2011/07/18 06:03:32.0530 3676 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2011/07/18 06:03:32.0545 3676 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2011/07/18 06:03:32.0561 3676 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2011/07/18 06:03:32.0576 3676 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/18 06:03:32.0592 3676 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/18 06:03:32.0608 3676 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2011/07/18 06:03:32.0623 3676 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2011/07/18 06:03:32.0654 3676 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2011/07/18 06:03:32.0686 3676 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2011/07/18 06:03:32.0732 3676 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2011/07/18 06:03:32.0764 3676 srv (b905f2549517ec427d3e74c52fafe735) C:\Windows\system32\DRIVERS\srv.sys

2011/07/18 06:03:32.0795 3676 srv2 (4bd25bf8666ce3f089579e05fe659ed2) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/18 06:03:32.0826 3676 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/18 06:03:32.0857 3676 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/18 06:03:32.0888 3676 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2011/07/18 06:03:32.0904 3676 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2011/07/18 06:03:32.0920 3676 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2011/07/18 06:03:32.0966 3676 Tcpip (e52f99b1160a1a1de83223379d2c1828) C:\Windows\system32\drivers\tcpip.sys

2011/07/18 06:03:33.0013 3676 Tcpip6 (e52f99b1160a1a1de83223379d2c1828) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/18 06:03:33.0060 3676 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/18 06:03:33.0076 3676 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2011/07/18 06:03:33.0091 3676 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2011/07/18 06:03:33.0122 3676 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/18 06:03:33.0138 3676 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/18 06:03:33.0185 3676 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/18 06:03:33.0200 3676 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/18 06:03:33.0216 3676 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/18 06:03:33.0232 3676 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2011/07/18 06:03:33.0263 3676 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/18 06:03:33.0310 3676 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys

2011/07/18 06:03:33.0325 3676 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/18 06:03:33.0341 3676 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2011/07/18 06:03:33.0372 3676 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2011/07/18 06:03:33.0403 3676 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2011/07/18 06:03:33.0419 3676 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/18 06:03:33.0450 3676 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

2011/07/18 06:03:33.0481 3676 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/18 06:03:33.0497 3676 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2011/07/18 06:03:33.0512 3676 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/18 06:03:33.0544 3676 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/18 06:03:33.0575 3676 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2011/07/18 06:03:33.0590 3676 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/18 06:03:33.0622 3676 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/18 06:03:33.0637 3676 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/18 06:03:33.0653 3676 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/18 06:03:33.0684 3676 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2011/07/18 06:03:33.0715 3676 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/18 06:03:33.0731 3676 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2011/07/18 06:03:33.0746 3676 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2011/07/18 06:03:33.0778 3676 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2011/07/18 06:03:33.0809 3676 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2011/07/18 06:03:33.0840 3676 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2011/07/18 06:03:33.0871 3676 Vsdatant (8dffec0583d93bb465dfcd30d81e225b) C:\Windows\system32\DRIVERS\vsdatant.sys

2011/07/18 06:03:34.0012 3676 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2011/07/18 06:03:34.0058 3676 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2011/07/18 06:03:34.0074 3676 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/18 06:03:34.0074 3676 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/18 06:03:34.0105 3676 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2011/07/18 06:03:34.0136 3676 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/18 06:03:34.0214 3676 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/18 06:03:34.0261 3676 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/07/18 06:03:34.0277 3676 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/18 06:03:34.0308 3676 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/18 06:03:34.0339 3676 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

2011/07/18 06:03:34.0355 3676 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/18 06:03:34.0355 3676 Boot (0x1200) (b0db5454c926edd76e661290a4268957) \Device\Harddisk0\DR0\Partition0

2011/07/18 06:03:34.0386 3676 Boot (0x1200) (88c94e9ff223df5c6bcca41a8cadc34f) \Device\Harddisk0\DR0\Partition1

2011/07/18 06:03:34.0402 3676 Boot (0x1200) (545d8c5bd489cd987847e29c731a96a5) \Device\Harddisk0\DR0\Partition2

2011/07/18 06:03:34.0402 3676 ================================================================================

2011/07/18 06:03:34.0402 3676 Scan finished

2011/07/18 06:03:34.0402 3676 ================================================================================

2011/07/18 06:03:34.0402 3700 Detected object count: 1

2011/07/18 06:03:34.0402 3700 Actual detected object count: 1

2011/07/18 06:04:13.0916 3700 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/18 06:04:13.0916 3700 \Device\Harddisk0\DR0 - ok

2011/07/18 06:04:13.0916 3700 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/18 06:04:44.0524 3736 Deinitialize success

AND

ComboFix 11-07-18.01 - Mike 07/18/2011 6:09.1.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4896 [GMT -4:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}

c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome.manifest

c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome\content\_cfg.js

c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome\content\overlay.xul

c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\install.rdf

c:\users\Mike\lame_enc_en.dll

c:\users\Mike\lametritonus_en.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))

.

.

2011-07-18 10:08 . 2011-07-18 10:08 -------- d-----w- C:\32788R22FWJFW

2011-07-04 12:12 . 2011-07-04 12:12 0 ----a-w- c:\users\Mike\AppData\Local\Rkocuwejatazaleb.bin

2011-07-04 10:54 . 2011-07-04 10:54 -------- d-----w- c:\programdata\Canneverbe Limited

2011-07-04 10:54 . 2011-07-04 10:54 -------- d-----w- c:\users\Mike\AppData\Roaming\Canneverbe Limited

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 23:52 . 2010-06-12 01:14 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-06-12 01:14 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="f:\program files\Adobe Reader\Reader\Reader_sl.exe" [2009-02-27 35696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-01 1038088]

R3 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]

R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF14713.cfxxe" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = %SystemRoot%\system32\blank.htm

IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-NWEReboot - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Ashampoo Burning Studio 9_is1 - f:\program files\abs9\Ashampoo Burning Studio 9\unins000.exe

AddRemove-EVPmaker_is1 - f:\evpmaker\unins000.exe

AddRemove-Fraps - f:\program files\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-{F850707C-B6A0-4B56-8709-F89CF8F9AC6D} - c:\users\Mike\AppData\Local\{6EA75E52-8FBA-433F-B3AE-6E2437B75152}\EraserSetup64.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.032"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.abr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ani"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.arw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bay"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cr2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.crw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cs1"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cur"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dib"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djv"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djvu"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dng"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.emf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.eps"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.erf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fpx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.gif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.hdr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icl"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icn"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ilbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.int"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.inta"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iw4"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2c"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2k"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jbr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jfif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jp2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpe"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpeg"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpg"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpk"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.kdc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.lbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mos"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mrw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.nef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.orf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcd"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pct"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pgm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pic"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pict"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pix"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.png"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ppm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psd"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspbrush"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspimage"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ras"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgb"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgba"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rle"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rsb"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sgi"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sr2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.srf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tga"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.thm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tiff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11o"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11p"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11pf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wmf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xpm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\SecuROM\License information*]

"datasecu"=hex:f9,0a,95,2b,e9,d6,99,a4,55,d5,ef,b8,1e,45,d2,75,9c,0e,78,0b,15,

6a,46,84,b7,c1,93,3f,c3,76,01,d3,08,c0,a6,63,26,e2,f9,00,e0,34,d6,82,b0,46,\

"rkeysecu"=hex:a0,7f,4e,50,eb,62,92,f4,e8,ee,a7,ce,56,f4,e7,5a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2011-07-18 06:18:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-18 10:18

.

Pre-Run: 260,868,521,984 bytes free

Post-Run: 260,710,146,048 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9

- - End Of File - - CEE7217D0F9C6A14FCE8D1D95657CFBA

[aliB]

hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Things i would like to see in your reply:

• Malwarebytes Results.
  
• Eset scanner report.
  
• Update on how your computer is running

[zube]

here are the logs you requested. I havent noticed anything out of the ordinary, but havent had alot of time to be online today.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7193

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

7/18/2011 4:46:18 PM

mbam-log-2011-07-18 (16-46-18).txt

Scan type: Quick scan

Objects scanned: 187851

Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-05 02:43:19

# local_time=2009-11-05 09:43:19 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 55622382 94027657 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 74 12794830 24777493 0 0

# scanned=124880

# found=8

# cleaned=0

# scan_time=3248

C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\Keymaker09_DGN_CW.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\Nero-9.4.13.2d_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I

F:\Junk\SSoft.AD.AD.HD.v6.5.4.9.Final.Incl.KeY_cw.rar a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Junk\unzips\CS4ECK.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\unzips\CS4 Cracking Kit\adobe-master-cs4-keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-08 02:48:24

# local_time=2009-11-08 09:48:24 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 55884859 94290134 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 74 13057307 25039970 0 0

# scanned=3468

# found=0

# cleaned=0

# scan_time=276

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-25 04:56:16

# local_time=2009-11-25 11:56:16 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 57358906 95764181 0 0

# compatibility_mode=8192 67108863 100 0 818618 818618 0 0

# compatibility_mode=9217 16777214 75 74 14531354 26514017 0 0

# scanned=100381

# found=1

# cleaned=0

# scan_time=2700

C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-26 02:15:34

# local_time=2010-02-26 09:15:34 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 65381928 103787203 0 0

# compatibility_mode=8192 67108863 100 0 8841640 8841640 0 0

# compatibility_mode=9217 16777214 75 74 22554376 34537039 0 0

# scanned=130309

# found=4

# cleaned=0

# scan_time=5237

C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I

F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-26 09:10:42

# local_time=2010-02-26 04:10:42 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 65406756 103812031 0 0

# compatibility_mode=8192 67108863 100 0 8866468 8866468 0 0

# compatibility_mode=9217 16777214 75 74 22579204 34561867 0 0

# scanned=130181

# found=4

# cleaned=0

# scan_time=5317

C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I

F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-06-04 11:13:05

# local_time=2010-06-04 07:13:05 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776638 100 45 73886830 112288517 0 0

# compatibility_mode=8192 67108863 100 0 17342954 17342954 0 0

# compatibility_mode=9217 16777214 75 74 31059290 43038353 0 0

# scanned=55231

# found=0

# cleaned=0

# scan_time=3373

ESETSmartInstaller@High as downloader log:

all ok

[aliB]

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[zube]

here is the OTL log

OTL logfile created on: 7/19/2011 4:29:30 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 82.92% Memory free

12.09 Gb Paging File | 11.14 Gb Available in Paging File | 92.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.17 Gb Total Space | 242.58 Gb Free Space | 81.91% Space Free | Partition Type: NTFS

Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS

Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

PRC - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009/02/27 17:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe Reader\Reader\reader_sl.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/06/01 13:14:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/07/13 16:57:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/01 13:14:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)

DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)

DRV:64bit: - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)

DRV:64bit: - [2009/04/06 14:19:46 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)

DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/02/15 23:11:48 | 000,337,560 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)

DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)

DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)

DRV - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

DRV - [2001/01/04 10:12:42 | 000,162,900 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBICP.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.03

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/14 09:56:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 09:34:49 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D83964CE-3243-438C-8BBB-6D685E628C6C}: C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\

[2010/10/23 11:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions

[2009/06/01 12:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2011/07/04 09:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions

[2011/01/13 17:43:43 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010/11/19 09:36:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/13 07:23:54 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2010/11/19 09:36:20 | 000,000,000 | ---D | M] (Eraser) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\Eraser@vikram

[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/05 09:34:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/07/18 06:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/23 15:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 16:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/18 06:18:09 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/18 06:18:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp

[2011/07/18 06:08:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/18 06:08:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/18 06:08:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/18 06:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/18 06:08:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/18 06:08:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/07/18 06:07:11 | 004,155,513 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe

[2011/07/18 06:02:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\tdsskiller

[2011/07/17 16:33:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

[2011/07/17 16:32:13 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2011/07/17 09:04:26 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2011/07/04 06:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2011/07/04 06:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 16:32:43 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/19 16:32:43 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/19 16:32:43 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/19 16:28:24 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/07/19 16:28:23 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/07/19 16:28:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/19 16:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/19 16:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/19 16:28:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/18 18:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/18 18:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2011/07/18 06:15:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/07/18 06:07:12 | 004,155,513 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe

[2011/07/18 06:02:18 | 001,383,430 | ---- | M] () -- C:\Users\Mike\Desktop\tdsskiller.zip

[2011/07/17 19:17:45 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck.exe

[2011/07/17 16:37:11 | 447,573,097 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr

[2011/07/17 16:32:39 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2011/07/17 09:17:10 | 000,000,000 | ---- | M] () -- C:\Users\Mike\defogger_reenable

[2011/07/17 09:04:42 | 000,302,592 | ---- | M] () -- C:\Users\Mike\Desktop\6sye35yx.exe

[2011/07/17 09:04:10 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2011/07/17 08:58:33 | 000,050,477 | ---- | M] () -- C:\Users\Mike\Desktop\Defogger.exe

[2011/07/16 12:35:31 | 000,350,197 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml

[2011/07/16 12:11:06 | 000,729,742 | ---- | M] () -- C:\Users\Mike\AppData\Local\census.cache

[2011/07/16 12:11:03 | 000,190,153 | ---- | M] () -- C:\Users\Mike\AppData\Local\ars.cache

[2011/07/15 07:33:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/04 09:10:21 | 000,036,352 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/04 08:12:01 | 000,000,120 | ---- | M] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat

[2011/07/04 08:12:01 | 000,000,000 | ---- | M] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin

[2011/07/04 07:06:04 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 06:08:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/18 06:08:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/18 06:08:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/18 06:08:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/18 06:08:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/18 06:02:17 | 001,383,430 | ---- | C] () -- C:\Users\Mike\Desktop\tdsskiller.zip

[2011/07/17 19:17:44 | 000,080,384 | ---- | C] () -- C:\Users\Mike\Desktop\MBRCheck.exe

[2011/07/17 09:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Mike\defogger_reenable

[2011/07/17 09:04:57 | 000,302,592 | ---- | C] () -- C:\Users\Mike\Desktop\6sye35yx.exe

[2011/07/17 09:04:28 | 000,050,477 | ---- | C] () -- C:\Users\Mike\Desktop\Defogger.exe

[2011/07/12 10:42:18 | 000,729,742 | ---- | C] () -- C:\Users\Mike\AppData\Local\census.cache

[2011/07/12 10:42:09 | 000,190,153 | ---- | C] () -- C:\Users\Mike\AppData\Local\ars.cache

[2011/07/04 08:12:01 | 000,000,120 | ---- | C] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat

[2011/07/04 08:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin

[2011/05/10 15:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\{02BEBAB3-0F94-479B-A240-33B2C6DA6E2F}

[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2010/08/29 10:43:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/09 14:35:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/04/09 14:35:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/04/09 14:34:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/04/09 14:34:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/03/26 15:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2010/03/13 09:55:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/02/19 08:59:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/11/05 09:25:03 | 000,000,036 | ---- | C] () -- C:\Users\Mike\AppData\Local\housecall.guid.cache

[2009/10/06 08:36:49 | 000,000,127 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\default.rss

[2009/06/06 09:35:17 | 000,017,043 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\UserTile.png

[2009/06/01 09:42:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/05/30 14:26:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2009/05/30 11:04:06 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2009/05/29 14:53:53 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/05/29 14:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 06:47:03 | 000,036,352 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/28 22:24:00 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2009/05/28 22:23:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2009/05/28 22:23:59 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini

[2009/05/28 14:26:31 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/05/28 14:23:09 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 22:48:34 | 004,495,360 | ---- | C] () -- C:\Windows\SysWow64\NlsData001d.dll

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/05/31 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems

[2011/07/04 07:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Any Video Converter

[2009/05/28 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ashampoo

[2011/07/04 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited

[2009/06/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/05 08:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FrostWire

[2009/12/27 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GARMIN

[2009/11/22 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ

[2010/03/20 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech

[2010/09/12 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NCH Swift Sound

[2011/03/05 09:36:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org

[2009/06/06 09:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PeerNetworking

[2009/11/05 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Screaming Bee

[2009/08/23 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\System Requirements Lab BETA

[2009/10/23 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SystemRequirementsLab

[2011/07/12 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent

[2010/03/14 08:32:34 | 000,000,000 | ---D | M] -- C:\Users\Ty\AppData\Roaming\ACD Systems

[2011/07/18 18:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

[2011/07/18 18:38:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

[aliB]

hi

do you this file on your desktop ?

6sye35yx.exe

[zube]

yes i do

[aliB]

hi

Congratulations your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

• Click START then RUN
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

NEXT

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  
• Click on the CleanUp button.
  
• Click Yes to begin the cleanup process and remove tools, including this application
  
• You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

• Keep Your windows up to date by regularly checking their website at:
  http://windowsupdate.microsoft.com/
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
• Make Internet Explorer more secure
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

  Here

  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

  • NoScript - for blocking ads and other potential website attacks
    
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    

  [*]Click Here to learn how to keep a backup of your important files

  [*]FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:

[zube]

Thanks very much aliB.. Could u tell me what the problem was ? I do run Firefox 99% of the time. I have taken your suggestions and thank you once again.

[aliB]

you had a Rootkit.Win32.TDSS.tdl4 infection causing redirects and we fixed that

you welcome

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!