
I've been getting popups from Malwarebytes Anti-Malware about outgoing connections to an IP in China. More details can be found here.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Tommy at 20:20:02 on 2011-11-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3579.1733 [GMT 11:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\fsproflt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Secunia\PSI\PSIA.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Internet Download Manager\idman.exe

H:\Steam\Steam.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RTHDVCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [iDMan] c:\program files\internet download manager\idman.exe /onboot

uRun: [steam] "h:\steam\steam.exe" -silent

uRun: [Google Update] "c:\users\tommy\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\logitech\setpointp\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9C6B2315-CBE4-4201-92D6-EA3A99D5C777} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 65.254.62.146 www.minecraft.net

Hosts: 65.254.62.146 minecraft.net

Hosts: 65.254.62.146 server.mojang.com

Hosts: 65.254.62.146 session.minecraft.net

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-2-15 43792]

R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-10 20008]

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-6 257064]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-2-13 18544]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]

R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2011-2-15 73392]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-6 89376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-6 366152]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-11 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-11 399416]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-18 2358656]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-9-13 464224]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-9-13 189792]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-13 8598528]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-13 257024]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-15 232512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-6 22216]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-2-10 63872]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-2-10 141952]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-18 340072]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-28 130320]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\red gate\ants memory profiler 7\RedGate.Memory.IISService.exe [2011-8-21 174008]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-25 101392]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CEDRIVER60;CEDRIVER60;c:\program files\cheat engine 6.1\dbk32.sys [2011-9-24 72576]

S3 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-7-7 17488]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-6-27 32256]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-15 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-29 27192]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-13 1343400]

S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-5-3 5027328]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-11-12 09:14:20 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f705e487-1fef-49dd-a604-3132c25b12df}\mpengine.dll

2011-11-12 09:14:20 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f705e487-1fef-49dd-a604-3132c25b12df}\offreg.dll

2011-11-12 09:13:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-10 04:50:05 -------- d-----w- c:\users\tommy\appdata\local\Akamai

2011-11-09 05:03:30 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:03:27 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 05:03:26 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 04:55:33 -------- d-----w- c:\program files\CCleaner

2011-11-05 22:56:57 -------- d-----w- c:\program files\RADVideo

2011-11-05 02:18:05 -------- d-----w- c:\users\tommy\appdata\roaming\f-secure

2011-11-05 02:15:50 -------- d-----w- c:\programdata\F-Secure

2011-11-04 08:43:04 -------- d-----w- c:\windows\system32\directx

2011-11-04 05:09:46 -------- d-----w- c:\programdata\VS

2011-11-03 10:31:08 -------- d-----w- c:\users\tommy\appdata\roaming\Synthesia

2011-11-03 09:43:01 -------- d-----w- c:\program files\Programming Editor

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-11-02 09:01:10 -------- d-----w- c:\program files\common files\TortoiseOverlays

2011-11-02 09:01:09 -------- d-----w- c:\program files\TortoiseSVN

2011-11-01 08:39:19 -------- d-----w- c:\program files\Rock of Ages

2011-11-01 07:06:19 -------- d--h--w- c:\windows\AxInstSV

2011-11-01 02:02:34 -------- d-----w- c:\program files\AMD APP

2011-11-01 01:58:32 -------- d-----w- C:\ATI

2011-10-24 03:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 03:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-20 08:58:25 -------- d-----w- c:\program files\common files\Symantec Shared

2011-10-20 08:47:44 -------- d-----w- c:\programdata\Symantec

2011-10-20 08:47:39 -------- d-----w- c:\programdata\Norton

2011-10-20 08:47:37 -------- d-----w- c:\programdata\NortonInstaller

2011-10-18 05:46:45 -------- d-----w- c:\users\tommy\appdata\roaming\JustDecompile

2011-10-17 05:09:01 -------- d-----w- c:\users\tommy\appdata\roaming\WinPatrol

2011-10-17 05:08:55 -------- d-----w- c:\programdata\InstallMate

2011-10-17 05:08:55 -------- d-----w- c:\program files\BillP Studios

2011-10-16 08:04:51 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-16 08:04:51 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-16 08:00:42 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-16 08:00:42 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-16 07:55:32 18139008 ----a-w- c:\program files\common files\microsoft shared\office14\MSO.DLL

2011-10-16 05:15:37 -------- d-----w- c:\users\tommy\appdata\local\temp

2011-10-14 09:42:00 -------- d-----w- c:\program files\iTunes

2011-10-14 09:42:00 -------- d-----w- c:\program files\iPod

2011-10-14 09:39:45 -------- d-----w- c:\program files\Bonjour

2011-10-14 08:02:34 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll

2011-10-14 05:07:19 -------- d-----w- c:\program files\Sophos

.

==================== Find3M ====================

.

2011-10-25 20:50:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-12 20:55:06 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14:36 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10:00 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-10-12 20:07:52 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46:08 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44:28 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:39:36 52736 ----a-w- c:\windows\system32\coinst.dll

2011-10-12 19:33:10 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31:20 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31:02 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30:50 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30:18 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29:42 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2011-10-12 05:16:30 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 05:15:40 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 05:14:50 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-04 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-10-04 03:00:38 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-10-04 02:54:33 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-10-04 02:38:41 138056 ----a-w- c:\users\tommy\appdata\roaming\PnkBstrK.sys

2011-10-04 02:38:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-10-02 18:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-26 01:33:46 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2011-09-25 09:33:48 216064 ----a-w- c:\windows\system32\lagarith.dll

2011-09-15 06:39:50 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 12:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 12:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-17 06:15:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-08-15 05:06:20 90928 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-08-15 05:06:20 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-08-15 05:06:20 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

.

============= FINISH: 20:20:58.43 ===============


Hello master131! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please generate a new fresh DDS log file. Please post both logs in your next reply.


DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Tommy at 19:22:10 on 2011-11-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3579.1902 [GMT 11:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\fsproflt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Secunia\PSI\PSIA.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Secunia\PSI\sua.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Internet Download Manager\idman.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RTHDVCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmplayer.exe

H:\Steam\steam.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [iDMan] c:\program files\internet download manager\idman.exe /onboot

uRun: [steam] "h:\steam\steam.exe" -silent

uRun: [Google Update] "c:\users\tommy\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\logitech\setpointp\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9C6B2315-CBE4-4201-92D6-EA3A99D5C777} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-2-15 43792]

R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-10 20008]

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-6 257064]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-2-13 18544]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]

R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2011-2-15 73392]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-6 89376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-6 366152]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-11 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-11 399416]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-18 2358656]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-9-13 464224]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-9-13 189792]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-13 8598528]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-13 257024]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-15 232512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-6 22216]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-2-10 63872]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-2-10 141952]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-18 340072]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-28 130320]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\red gate\ants memory profiler 7\RedGate.Memory.IISService.exe [2011-8-21 174008]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-25 101392]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CEDRIVER60;CEDRIVER60;c:\program files\cheat engine 6.1\dbk32.sys [2011-9-24 72576]

S3 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-7-7 17488]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-6-27 32256]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-15 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-29 27192]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-13 1343400]

S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-5-3 5027328]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-11-17 04:56:20 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{329f9cc0-0897-4173-b4b1-5cdd342e042a}\offreg.dll

2011-11-16 04:50:11 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{329f9cc0-0897-4173-b4b1-5cdd342e042a}\mpengine.dll

2011-11-13 09:16:50 -------- d-----w- c:\program files\RAM Def XT

2011-11-10 04:50:05 -------- d-----w- c:\users\tommy\appdata\local\Akamai

2011-11-09 05:03:30 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:03:27 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 05:03:26 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 04:55:33 -------- d-----w- c:\program files\CCleaner

2011-11-05 22:56:57 -------- d-----w- c:\program files\RADVideo

2011-11-05 02:18:05 -------- d-----w- c:\users\tommy\appdata\roaming\f-secure

2011-11-05 02:15:50 -------- d-----w- c:\programdata\F-Secure

2011-11-04 08:43:04 -------- d-----w- c:\windows\system32\directx

2011-11-04 05:09:46 -------- d-----w- c:\programdata\VS

2011-11-03 10:31:08 -------- d-----w- c:\users\tommy\appdata\roaming\Synthesia

2011-11-03 09:43:01 -------- d-----w- c:\program files\Programming Editor

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-11-02 09:01:10 -------- d-----w- c:\program files\common files\TortoiseOverlays

2011-11-02 09:01:09 -------- d-----w- c:\program files\TortoiseSVN

2011-11-01 08:39:19 -------- d-----w- c:\program files\Rock of Ages

2011-11-01 07:06:19 -------- d--h--w- c:\windows\AxInstSV

2011-11-01 02:02:34 -------- d-----w- c:\program files\AMD APP

2011-11-01 01:58:32 -------- d-----w- C:\ATI

2011-10-24 03:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 03:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-20 08:58:25 -------- d-----w- c:\program files\common files\Symantec Shared

2011-10-20 08:47:44 -------- d-----w- c:\programdata\Symantec

2011-10-20 08:47:39 -------- d-----w- c:\programdata\Norton

2011-10-20 08:47:37 -------- d-----w- c:\programdata\NortonInstaller

.

==================== Find3M ====================

.

2011-11-13 04:25:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-12 20:55:06 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14:36 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10:00 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-10-12 20:07:52 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46:08 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44:28 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:39:36 52736 ----a-w- c:\windows\system32\coinst.dll

2011-10-12 19:33:10 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31:20 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31:02 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30:50 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30:18 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29:42 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2011-10-12 05:16:30 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 05:15:40 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 05:14:50 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-04 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-10-04 03:00:38 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-10-04 02:54:33 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-10-04 02:38:41 138056 ----a-w- c:\users\tommy\appdata\roaming\PnkBstrK.sys

2011-10-04 02:38:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-10-02 18:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-26 01:33:46 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2011-09-25 09:33:48 216064 ----a-w- c:\windows\system32\lagarith.dll

2011-09-15 06:39:50 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 12:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 12:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll

.

============= FINISH: 19:23:21.52 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/04/2011 10:48:28 PM

System Uptime: 17/11/2011 3:53:38 PM (4 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | Socket 1156 | 3000/150mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 212.34 GiB free.

D: is CDROM ()

H: is FIXED (NTFS) - 932 GiB total, 844.862 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: sptd

Device ID: ROOT\LEGACY_SPTD\0000

Manufacturer:

Name: sptd

PNP Device ID: ROOT\LEGACY_SPTD\0000

Service: sptd

.

==== System Restore Points ===================

.

RP188: 9/11/2011 3:52:38 PM - Windows Update

RP189: 9/11/2011 5:30:47 PM - Windows Update

RP190: 11/11/2011 4:18:52 PM - Windows Update

RP192: 11/11/2011 5:03:54 PM - Installed DirectX

RP193: 16/11/2011 3:49:50 PM - Windows Update

.

==== Installed Programs ======================

.

.NET Reflector 6

3D Ripper DX v1.8.1

ActiveState ActivePython 2.6.5.14 (32-bit)

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe Default Language CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS5

Adobe Fonts All

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

ANTS Memory Profiler 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

ATI AVIVO Codecs

ATI Catalyst Registration

ATI Problem Report Wizard

Autodesk DirectConnect 2009

AutoHotkey 1.0.48.05.L61

Battlefield 3™ Open Beta

Battlelog Web Plugins

Bonjour

Call of Duty® - World at War

Call of Duty® - World at War 1.1 Patch

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Dedicated Server

Call of Duty: Modern Warfare 3 - Multiplayer

Captcha.trader Mipony Plugin 1.0

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-utility

CCC Help English

CCleaner

Cheat Engine 6.1

ConvertXtoDVD 4.1.10.348

CoreAAC

CPUID HWMonitor 1.17

Crystal Reports for Visual Studio

CyberLink PowerCinema

DAEMON Tools Lite

Data Lifeguard Diagnostic for Windows 1.22

Debugging Tools for Windows (x86)

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DotNetBar v8.8.0.0

Driver Genius Professional Edition

Dxtory 2.0.109

Easy Tune 6 B10.1024.1

Eazfuscator.NET

eReg

ESET Online Scanner v3

ESET Smart Security

ESN Sonar

Exception Hunter 2

Folding@home-x86

Fraps (remove only)

From Dust

GameMaker 8.1

Garena 2010

Google Chrome

Grand Theft Auto IV

Gyazo 1.0

Hide Folders 2009 3.2 for Windows XP/Vista

High-Definition Video Playback 10

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

HxD Hex Editor version 1.7.7.0

HydraVision

Internet Download Manager

iTunes

Java Auto Updater

Java 6 Update 29

K-Lite Mega Codec Pack 7.8.0

LEAD MCMP_MJPEG Codec

Little Fighter 2 version 2.0a

Logitech SetPoint 6.30

Malwarebytes' Anti-Malware version 1.51.2.1300

marvell 91xx driver

Maya 2009

Maya 2009 Documentation (en_US)

MediaInfo 0.7.50

Messenger Plus! 5

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Choice Guard

Microsoft Corporation

Microsoft DirectX SDK (June 2010)

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x86)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x86)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual F# 2.0 Runtime

Microsoft Visual J# 2.0 Redistributable Package - SE

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Professional - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio Macro Tools

Microsoft Word 2010

Microsoft WSE 3.0 Runtime

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MiPony 1.5.1

MKVtoolnix 3.3.0

MPEG2 Codec(libmpeg2/mad)

MSI Afterburner 2.1.0

MSVCRT

MSXML 4.0 SP2 Parser and SDK

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero Burning ROM 10

Nero Control Center 10

Nero Core Components 10

Nero Dolby Files 10

Nero Express 10

Nero Multimedia Suite 10

Nero StartSmart 10

Nero Update

Nexon Game Manager

Notepad++

NVIDIA Photoshop Plug-ins

NVIDIA PhysX

NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit

ON_OFF Charge B11.0110.1

OpenAL

Orb Runtime libraries

Origin

PDF Settings CS5

PE Explorer 1.99 R6

Photoshop Camera Raw

PlayFLV

Portal

PRGrep

Programming Editor

Project64 1.6

Python 2.6 py2exe-0.6.9

Python 2.7

QuickTime

RAD Video Tools

RapidShare Manager

Realtek Ethernet Controller Driver

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Recuva

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller Pro 2.5.5

RoboForm 7-4-1 (All Users)

Rockstar Games Social Club

Sandboxie 3.58 (32-bit)

Secunia PSI (2.0.0.3001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Service Pack 1 for SQL Server 2008 (KB968369)

SizeExplorer Free 4.1

Skype™ 5.5

SlimDX SDK (March 2011)

SmartAssembly 6

Snagit 10

SpeedConnect Internet Accelerator v.7.5

SpywareBlaster 4.4

Sql Server Customer Experience Improvement Program

Steam

StudioCompiler v0.4A

Suite Shared Configuration CS4

SUPERAntiSpyware

swMSM

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

TeamViewer 6

Telerik RadControls for WinForms Q2 2010 SP2

Text-To-Speech-Runtime

The Compressonator 1.50

The Lord of the Rings FREE Trial

Thumbplug TGA

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

TortoiseSVN 1.7.1.22161 (32 bit)

TVersity Codec Pack 1.4

Ubisoft Game Launcher

Unity Web Player

Unlocker 1.9.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VBConversions VB.Net to C# Converter Version 2.30

VideoMate U500 Family Driver

VirusTotal Uploader 2.0

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VTF Shell Extensions 1.0.6.1

WCF RIA Services V1.0 SP1

Web Deployment Tool

Windows Installer Clean Up

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Windows XP Mode

WinPatrol

WinPcap 4.1.2

WinSCP 4.1.8

XChat-WDK

.

==== Event Viewer Messages From Past Week ========

.

17/11/2011 3:54:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

17/11/2011 3:53:40 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

13/11/2011 3:25:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

13/11/2011 3:25:28 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

13/11/2011 2:58:45 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

13/11/2011 11:40:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LISA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C6B2315-CBE4-4201-92D6-EA3A99D5C7. The master browser is stopping or an election is being forced.

12/11/2011 8:08:26 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

12/11/2011 12:02:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Desktop Window Manager Session Manager service, but this action failed with the following error: An instance of the service is already running.

12/11/2011 12:01:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/11/2011 12:00:06 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/11/2011 6:14:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.

.

==== End Of File ===========================


Alright, I got it again very late last night:

22:18:38 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:18:46 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:18:46 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:47:52 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:48:00 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:48:00 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

22:48:00 Tommy IP-BLOCK 222.69.210.82 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:41 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:49 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:49 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:49 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:49 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:31:57 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:05 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:13 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

23:32:13 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 64938, Process: svchost.exe)

IDM was indeed running in the background (because of the integration thing) though so I don't know if it was that causing it.


It happened again, despite IDM being uninstalled:

20:01:06 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:06 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:14 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:22 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:30 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:30 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:38 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:38 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:38 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:38 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)

20:01:46 Tommy IP-BLOCK 220.248.167.238 (Type: outgoing, Port: 64938, Process: svchost.exe)


DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Tommy at 15:51:30 on 2011-11-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3579.1691 [GMT 11:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\fsproflt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Secunia\PSI\sua.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\sppsvc.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

H:\Steam\Steam.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tommy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [steam] "h:\steam\steam.exe" -silent

uRun: [Google Update] "c:\users\tommy\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\logitech\setpointp\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9C6B2315-CBE4-4201-92D6-EA3A99D5C777} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-2-15 43792]

R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-10 20008]

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-6 257064]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-2-13 18544]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]

R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2011-2-15 73392]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-11 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-11 399416]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-18 2358656]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-9-13 464224]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-9-13 189792]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-13 8598528]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-13 257024]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-15 232512]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-2-10 63872]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-2-10 141952]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-18 340072]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-28 130320]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-6 366152]

S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\red gate\ants memory profiler 7\RedGate.Memory.IISService.exe [2011-8-21 174008]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-25 101392]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CEDRIVER60;CEDRIVER60;c:\program files\cheat engine 6.1\dbk32.sys [2011-9-24 72576]

S3 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-7-7 17488]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-6-27 32256]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-6 22216]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-15 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-29 27192]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-13 1343400]

S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-5-3 5027328]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-11-19 13:19:17 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d730c68a-50a1-42f4-9ae5-690994b5b6ee}\mpengine.dll

2011-11-13 09:16:50 -------- d-----w- c:\program files\RAM Def XT

2011-11-10 04:50:05 -------- d-----w- c:\users\tommy\appdata\local\Akamai

2011-11-09 05:03:30 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:03:27 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 05:03:26 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 04:55:33 -------- d-----w- c:\program files\CCleaner

2011-11-05 22:56:57 -------- d-----w- c:\program files\RADVideo

2011-11-05 02:18:05 -------- d-----w- c:\users\tommy\appdata\roaming\f-secure

2011-11-05 02:15:50 -------- d-----w- c:\programdata\F-Secure

2011-11-04 08:43:04 -------- d-----w- c:\windows\system32\directx

2011-11-04 05:09:46 -------- d-----w- c:\programdata\VS

2011-11-03 10:31:08 -------- d-----w- c:\users\tommy\appdata\roaming\Synthesia

2011-11-03 09:43:01 -------- d-----w- c:\program files\Programming Editor

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-11-03 06:37:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-11-02 09:01:10 -------- d-----w- c:\program files\common files\TortoiseOverlays

2011-11-02 09:01:09 -------- d-----w- c:\program files\TortoiseSVN

2011-11-01 08:39:19 -------- d-----w- c:\program files\Rock of Ages

2011-11-01 07:06:19 -------- d--h--w- c:\windows\AxInstSV

2011-11-01 02:02:34 -------- d-----w- c:\program files\AMD APP

2011-11-01 01:58:32 -------- d-----w- C:\ATI

2011-10-24 03:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 03:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

==================== Find3M ====================

.

2011-11-13 04:25:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-22 11:05:08 65536 ----a-w- c:\windows\system32\frapsvid.dll

2011-10-12 20:55:06 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14:36 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10:00 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-10-12 20:07:52 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46:08 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44:28 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:39:36 52736 ----a-w- c:\windows\system32\coinst.dll

2011-10-12 19:33:10 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31:20 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31:02 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30:50 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30:18 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29:42 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2011-10-12 05:16:30 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 05:15:40 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 05:14:50 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-04 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-10-04 03:00:38 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-10-04 03:00:30 280904 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-10-04 02:54:33 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-10-04 02:38:41 138056 ----a-w- c:\users\tommy\appdata\roaming\PnkBstrK.sys

2011-10-04 02:38:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-10-02 18:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-26 01:33:46 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2011-09-25 09:33:48 216064 ----a-w- c:\windows\system32\lagarith.dll

2011-09-15 06:39:50 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 12:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 12:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll

.

============= FINISH: 15:52:55.67 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/04/2011 10:48:28 PM

System Uptime: 22/11/2011 3:50:20 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | Socket 1156 | 3000/150mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 211.72 GiB free.

D: is CDROM ()

H: is FIXED (NTFS) - 932 GiB total, 847.516 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: sptd

Device ID: ROOT\LEGACY_SPTD\0000

Manufacturer:

Name: sptd

PNP Device ID: ROOT\LEGACY_SPTD\0000

Service: sptd

.

==== System Restore Points ===================

.

RP188: 9/11/2011 3:52:38 PM - Windows Update

RP189: 9/11/2011 5:30:47 PM - Windows Update

RP190: 11/11/2011 4:18:52 PM - Windows Update

RP192: 11/11/2011 5:03:54 PM - Installed DirectX

RP193: 16/11/2011 3:49:50 PM - Windows Update

RP194: 20/11/2011 12:18:58 AM - Windows Update

.

==== Installed Programs ======================

.

.NET Reflector 6

3D Ripper DX v1.8.1

ActiveState ActivePython 2.6.5.14 (32-bit)

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe Default Language CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS5

Adobe Fonts All

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

ANTS Memory Profiler 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

ATI AVIVO Codecs

ATI Catalyst Registration

ATI Problem Report Wizard

Autodesk DirectConnect 2009

AutoHotkey 1.0.48.05.L61

Battlefield 3™ Open Beta

Battlelog Web Plugins

Bonjour

Call of Duty® - World at War

Call of Duty® - World at War 1.1 Patch

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Dedicated Server

Call of Duty: Modern Warfare 3 - Multiplayer

Captcha.trader Mipony Plugin 1.0

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-utility

CCC Help English

CCleaner

Cheat Engine 6.1

ConvertXtoDVD 4.1.10.348

CoreAAC

CPUID HWMonitor 1.17

Crystal Reports for Visual Studio

CyberLink PowerCinema

DAEMON Tools Lite

Data Lifeguard Diagnostic for Windows 1.22

Debugging Tools for Windows (x86)

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DotNetBar v8.8.0.0

Driver Genius Professional Edition

Dxtory 2.0.109

Easy Tune 6 B10.1024.1

Eazfuscator.NET

eReg

ESET Online Scanner v3

ESET Smart Security

ESN Sonar

Exception Hunter 2

Folding@home-x86

Fraps (remove only)

From Dust

GameMaker 8.1

Garena 2010

Google Chrome

Grand Theft Auto IV

Gyazo 1.0

Hide Folders 2009 3.2 for Windows XP/Vista

High-Definition Video Playback 10

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

HxD Hex Editor version 1.7.7.0

HydraVision

iTunes

Java Auto Updater

Java 6 Update 29

K-Lite Mega Codec Pack 7.8.0

LEAD MCMP_MJPEG Codec

Little Fighter 2 version 2.0a

Logitech SetPoint 6.30

Malwarebytes' Anti-Malware version 1.51.2.1300

marvell 91xx driver

Maya 2009

Maya 2009 Documentation (en_US)

MediaInfo 0.7.50

Messenger Plus! 5

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Choice Guard

Microsoft Corporation

Microsoft DirectX SDK (June 2010)

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x86)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x86)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual F# 2.0 Runtime

Microsoft Visual J# 2.0 Redistributable Package - SE

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Professional - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio Macro Tools

Microsoft Word 2010

Microsoft WSE 3.0 Runtime

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MiPony 1.5.2

MKVtoolnix 3.3.0

MPEG2 Codec(libmpeg2/mad)

MSI Afterburner 2.1.0

MSVCRT

MSXML 4.0 SP2 Parser and SDK

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero Burning ROM 10

Nero Control Center 10

Nero Core Components 10

Nero Dolby Files 10

Nero Express 10

Nero Multimedia Suite 10

Nero StartSmart 10

Nero Update

Nexon Game Manager

Notepad++

NVIDIA Photoshop Plug-ins

NVIDIA PhysX

NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit

ON_OFF Charge B11.0110.1

OpenAL

Orb Runtime libraries

Origin

PDF Settings CS5

PE Explorer 1.99 R6

Photoshop Camera Raw

PlayFLV

Portal

PRGrep

Programming Editor

Project64 1.6

Python 2.6 py2exe-0.6.9

Python 2.7

QuickTime

RAD Video Tools

Realtek Ethernet Controller Driver

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Recuva

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller Pro 2.5.5

RoboForm 7-4-1 (All Users)

Rockstar Games Social Club

Sandboxie 3.58 (32-bit)

Secunia PSI (2.0.0.3001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Service Pack 1 for SQL Server 2008 (KB968369)

SizeExplorer Free 4.1

Skype™ 5.5

SlimDX SDK (March 2011)

SmartAssembly 6

Snagit 10

SpeedConnect Internet Accelerator v.7.5

SpywareBlaster 4.4

Sql Server Customer Experience Improvement Program

Steam

StudioCompiler v0.4A

Suite Shared Configuration CS4

SUPERAntiSpyware

swMSM

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

TeamViewer 6

Telerik RadControls for WinForms Q2 2010 SP2

Text-To-Speech-Runtime

The Compressonator 1.50

The Lord of the Rings FREE Trial

Thumbplug TGA

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

TortoiseSVN 1.7.1.22161 (32 bit)

TVersity Codec Pack 1.4

Ubisoft Game Launcher

Unity Web Player

Unlocker 1.9.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VBConversions VB.Net to C# Converter Version 2.30

VideoMate U500 Family Driver

VirusTotal Uploader 2.0

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VTF Shell Extensions 1.0.6.1

WCF RIA Services V1.0 SP1

Web Deployment Tool

Windows Installer Clean Up

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Windows XP Mode

WinPatrol

WinPcap 4.1.2

WinSCP 4.1.8

XChat-WDK

.

==== Event Viewer Messages From Past Week ========

.

22/11/2011 3:50:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

22/11/2011 3:50:22 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

20/11/2011 12:29:18 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LISA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C6B2315-CBE4-4201-92D6-EA3A99D5C7. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8213

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

22/11/2011 10:25:41 PM

mbam-log-2011-11-22 (22-25-41).txt

Scan type: Quick scan

Objects scanned: 206187

Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click the aswMBR.exe to run it
  3. Click the [scan] button to start scan
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

In your next reply, please post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


OTL logfile created on: 23/11/2011 4:04:59 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tommy\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 47.26% Memory free

6.99 Gb Paging File | 4.78 Gb Available in Paging File | 68.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 214.73 Gb Free Space | 72.06% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 845.40 Gb Free Space | 90.76% Space Free | Partition Type: NTFS

Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Internet Download Manager\idman.exe (Tonec Inc.)

PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - H:\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()

PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Windows\System32\fsproflt.exe (FSPro Labs)

========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

MOD - H:\Steam\bin\libcef.dll ()

MOD - H:\Steam\bin\avcodec-52.dll ()

MOD - H:\Steam\bin\chromehtml.dll ()

MOD - H:\Steam\bin\avformat-52.dll ()

MOD - H:\Steam\bin\avutil-50.dll ()

MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()

MOD - C:\Program Files\TortoiseSVN\bin\CrashRpt.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()

MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)

SRV - (ANTS Memory Profiler 7 Service) -- C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe (Red Gate Software Ltd.)

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)

SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)

SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()

SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (fsproflt) -- C:\Windows\System32\fsproflt.exe (FSPro Labs)

========== Driver Services (SafeList) ==========

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)

DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)

DRV - (epfwwfp) -- C:\Windows\system32\DRIVERS\epfwwfp.sys (ESET)

DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)

DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (CEDRIVER60) -- C:\Program Files\Cheat Engine 6.1\dbk32.sys ()

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® 2000 DDK provider)

DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()

DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)

DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)

DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (mv91xx) -- C:\Windows\system32\DRIVERS\mv91xx.sys (Marvell Semiconductor, Inc.)

DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)

DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)

DRV - (mv91cons) -- C:\Windows\system32\DRIVERS\mv91cons.sys (Marvell Semiconductor Inc.)

DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)

DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)

DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (FSProFilter) -- C:\Windows\System32\Drivers\FSPFltd.sys (FSPro Labs)

DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 01 B6 43 4E D6 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4

FF - prefs.js..extensions.enabledItems: iLeopardMail@reo-2007:3.2.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tommy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tommy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/08/17 17:04:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/05 19:04:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Tommy\AppData\Roaming\IDM\idmmzcc5 [2011/11/22 18:54:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Tommy\AppData\Roaming\IDM\idmmzcc5 [2011/11/22 18:54:52 | 000,000,000 | ---D | M]

[2011/10/10 20:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions

[2010/05/04 17:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/04/06 17:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2011/10/10 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/12 22:58:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2011/04/12 22:58:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/04/12 22:58:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/04/12 22:58:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/13 11:07:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/06 04:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/08/18 13:22:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/08/18 13:22:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/08/18 13:22:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/08/18 13:22:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/08/18 13:22:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/08/18 13:22:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/08/18 13:22:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tommy\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Tommy\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\

CHR - Extension: Linkify Plus = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkokhlhigdfkgjdjijcecpkgjpcfnagf\2.1_0\

CHR - Extension: Net Usage Item = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcpakpimadnpalbfjcnaloaekhljog\1.3.335_0\

CHR - Extension: Rapidshare Links Checker = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\manofdanhfkeamobibcjojjmcbghipep\1.0_0\

CHR - Extension: F.B. Purity - Cleans Up Facebook = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\5.0.0_0\

O1 HOSTS File: ([2011/11/13 14:58:06 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [Google Update] C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\idman.exe (Tonec Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKCU..\Run: [steam] H:\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C6B2315-CBE4-4201-92D6-EA3A99D5C777}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/07/11 21:36:36 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 16:02:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe

[2011/11/22 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\ZUploader

[2011/11/22 20:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZUploader

[2011/11/22 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZUploader

[2011/11/22 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/11/22 16:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/22 16:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/20 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011/11/15 00:39:02 | 000,089,376 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

[2011/11/13 20:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def XT

[2011/11/13 20:16:50 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Def

[2011/11/12 20:19:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tommy\Desktop\dds.scr

[2011/11/10 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\Akamai

[2011/11/09 16:03:26 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/11/09 15:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2011/11/09 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2011/11/09 15:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011/11/09 15:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/11/07 16:03:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/11/07 16:03:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/11/07 16:03:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/11/06 09:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\RADVideo

[2011/11/06 09:56:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker

[2011/11/05 13:18:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\f-secure

[2011/11/05 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2011/11/04 19:43:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx

[2011/11/04 16:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1

[2011/11/04 16:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK

[2011/11/04 16:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VS

[2011/11/03 21:31:08 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Synthesia

[2011/11/03 20:49:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\PICAXE

[2011/11/03 20:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revolution Education

[2011/11/03 20:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Programming Editor

[2011/11/03 17:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/11/03 17:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/11/02 20:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN

[2011/11/02 20:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays

[2011/11/02 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN

[2011/11/01 19:39:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rock of Ages

[2011/11/01 19:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Rock of Ages

[2011/11/01 18:06:19 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2011/11/01 13:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011/11/01 13:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2011/11/01 13:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011/11/01 12:58:32 | 000,000,000 | ---D | C] -- C:\ATI

[2011/10/30 08:08:53 | 000,000,000 | R--D | C] -- C:\Users\Tommy\Documents\Scanned Documents

[2011/10/05 23:22:19 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

[2010/09/29 21:21:43 | 000,303,616 | ---- | C] ( ) -- C:\Windows\SetACL.exe

[2010/03/28 18:15:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tommy\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/23 16:07:11 | 000,731,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/11/23 16:07:11 | 000,150,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/11/23 16:05:55 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/23 16:05:55 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/23 16:02:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe

[2011/11/23 16:01:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\AutoRearm.job

[2011/11/23 16:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/11/22 22:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000UA.job

[2011/11/22 21:41:28 | 000,007,603 | ---- | M] () -- C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg

[2011/11/22 20:55:29 | 000,000,999 | ---- | M] () -- C:\Users\Tommy\Desktop\ZUploader.lnk

[2011/11/22 16:16:39 | 000,002,365 | ---- | M] () -- C:\Users\Tommy\Desktop\Google Chrome.lnk

[2011/11/22 15:56:16 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2011/11/21 19:00:45 | 000,618,135 | ---- | M] () -- C:\Users\Tommy\Desktop\ManualMap.rar

[2011/11/21 16:00:17 | 000,000,965 | ---- | M] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk

[2011/11/19 08:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000Core.job

[2011/11/18 17:04:55 | 000,004,608 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/17 18:59:06 | 000,000,672 | ---- | M] () -- C:\Users\Tommy\Desktop\MW3 Modding.lnk

[2011/11/13 20:16:50 | 000,000,971 | ---- | M] () -- C:\Users\Tommy\Desktop\RAM Def XT.lnk

[2011/11/13 15:25:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011/11/13 14:58:06 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/11/12 20:19:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tommy\Desktop\dds.scr

[2011/11/10 18:17:10 | 000,001,352 | ---- | M] () -- C:\Users\Tommy\Documents\cc_20111110_181708.reg

[2011/11/10 18:16:43 | 000,010,356 | ---- | M] () -- C:\Users\Tommy\Documents\cc_20111110_181641.reg

[2011/11/10 15:49:27 | 006,172,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/11/09 15:57:41 | 000,625,028 | ---- | M] () -- C:\Users\Tommy\Documents\cc_20111109_155734.reg

[2011/11/09 15:55:35 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/11/03 20:43:06 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\PICAXE Programming Editor.lnk

[2011/11/02 15:57:42 | 000,000,672 | ---- | M] () -- C:\Users\Tommy\Desktop\MW2 Modding.lnk

[2011/10/27 20:58:27 | 000,001,456 | ---- | M] () -- C:\Users\Tommy\AppData\Local\Adobe Save for Web 12.0 Prefs

========== Files Created - No Company Name ==========

[2011/11/22 21:04:46 | 000,000,999 | ---- | C] () -- C:\Users\Tommy\Desktop\ZUploader.lnk

[2011/11/22 15:56:16 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2011/11/21 19:00:41 | 000,618,135 | ---- | C] () -- C:\Users\Tommy\Desktop\ManualMap.rar

[2011/11/17 18:59:06 | 000,000,672 | ---- | C] () -- C:\Users\Tommy\Desktop\MW3 Modding.lnk

[2011/11/13 20:16:50 | 000,000,971 | ---- | C] () -- C:\Users\Tommy\Desktop\RAM Def XT.lnk

[2011/11/10 18:17:09 | 000,001,352 | ---- | C] () -- C:\Users\Tommy\Documents\cc_20111110_181708.reg

[2011/11/10 18:16:42 | 000,010,356 | ---- | C] () -- C:\Users\Tommy\Documents\cc_20111110_181641.reg

[2011/11/09 15:57:36 | 000,625,028 | ---- | C] () -- C:\Users\Tommy\Documents\cc_20111109_155734.reg

[2011/11/09 15:55:35 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/11/03 20:43:06 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\PICAXE Programming Editor.lnk

[2011/11/02 15:57:42 | 000,000,672 | ---- | C] () -- C:\Users\Tommy\Desktop\MW2 Modding.lnk

[2011/10/27 16:42:55 | 000,004,608 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/14 19:02:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll

[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll

[2011/10/05 23:22:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/10/05 23:22:19 | 003,164,160 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2011/10/05 23:22:19 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/10/05 23:22:19 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/10/05 23:22:19 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/08/29 18:57:22 | 000,432,719 | ---- | C] () -- C:\Users\Tommy\AppData\Local\census.cache

[2011/08/29 18:56:59 | 000,211,287 | ---- | C] () -- C:\Users\Tommy\AppData\Local\ars.cache

[2011/08/29 18:32:45 | 000,000,036 | ---- | C] () -- C:\Users\Tommy\AppData\Local\housecall.guid.cache

[2011/08/18 06:48:44 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/07/31 12:07:04 | 000,000,132 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Adobe Targa Format CS5 Prefs

[2011/07/08 00:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

[2011/05/22 17:43:58 | 000,662,396 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011/05/16 23:50:06 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/05/01 14:52:33 | 000,167,862 | ---- | C] () -- C:\Users\Tommy\AppData\Local\debuggee.mdmp

[2011/04/18 14:14:17 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/04/15 21:07:18 | 000,007,603 | ---- | C] () -- C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg

[2011/04/15 00:14:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/04/15 00:12:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/04/14 19:49:36 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll

[2011/04/14 19:49:36 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll

[2011/04/13 01:55:01 | 000,001,456 | ---- | C] () -- C:\Users\Tommy\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/04/12 23:32:12 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

[2011/04/12 22:48:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/02/13 18:37:12 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe

[2011/02/13 18:37:11 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys

[2011/01/30 17:16:35 | 000,005,259 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\servetome-fonts.conf

[2011/01/28 02:14:16 | 000,000,065 | ---- | C] () -- C:\Windows\Offsets.ini

[2011/01/15 23:14:06 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll

[2011/01/05 18:57:10 | 000,108,471 | ---- | C] () -- C:\Windows\Thumbplug TGA Uninstaller.exe

[2010/12/24 11:49:11 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2010/12/22 19:06:14 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

[2010/12/22 13:06:09 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010/12/22 13:05:26 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010/12/22 13:05:25 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe

[2010/12/22 13:05:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010/12/18 00:24:38 | 000,000,132 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/11/07 20:05:54 | 000,004,420 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\VsbLayout.xml

[2010/11/07 20:05:54 | 000,000,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\VsbSettings.xml

[2010/09/27 02:13:06 | 000,004,612 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2010/09/15 22:25:14 | 000,000,132 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/09/13 14:38:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\remove.dll

[2010/08/15 17:02:56 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LCodcCMP2.dll

[2010/08/15 17:02:54 | 000,233,472 | ---- | C] () -- C:\Windows\System32\LMOggSpl.dll

[2010/08/15 17:02:54 | 000,212,992 | ---- | C] () -- C:\Windows\System32\LMOggMux.dll

[2010/08/15 17:02:53 | 000,503,808 | ---- | C] () -- C:\Windows\System32\LtAct14n.dll

[2010/08/15 17:02:53 | 000,135,168 | R--- | C] () -- C:\Windows\System32\ltact.dll

[2010/08/15 17:02:53 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll

[2010/07/17 18:37:16 | 002,169,856 | ---- | C] () -- C:\Windows\System32\hale.exe.old

[2010/07/07 23:37:02 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys

[2010/07/05 17:54:34 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll

[2010/07/04 22:29:06 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll

[2010/07/04 22:29:06 | 000,109,568 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll

[2010/07/04 13:19:57 | 000,000,000 | ---- | C] () -- C:\Windows\Twister.INI

[2010/06/26 12:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\RingtoneMaker.INI

[2010/06/26 04:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2010/06/14 23:08:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2010/05/23 22:41:36 | 000,000,600 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\winscp.rnd

[2010/05/23 14:52:44 | 000,114,688 | ---- | C] () -- C:\Windows\System32\avizlib.dll

[2010/05/16 22:30:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2010/05/08 00:06:48 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI

[2010/05/07 12:52:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2010/05/05 22:30:11 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin

[2010/05/04 17:21:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/04/27 18:06:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010/04/21 22:07:02 | 000,000,045 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\svighost.dll

[2010/04/14 18:54:30 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI

[2010/04/14 18:51:27 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll

[2010/04/14 18:50:49 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2010/04/11 13:52:45 | 000,138,056 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\PnkBstrK.sys

[2010/03/28 19:23:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2010/03/28 18:15:33 | 000,007,887 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\pcouffin.cat

[2010/03/28 18:15:33 | 000,001,144 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\pcouffin.inf

[2010/03/28 17:51:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/03/28 14:10:47 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL

[2010/03/28 14:10:47 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL

[2010/03/28 14:07:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2009/09/30 08:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini

[2009/08/27 18:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009/07/14 15:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 15:33:53 | 006,172,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 13:05:48 | 000,731,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 13:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 13:05:48 | 000,150,618 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 13:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 13:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 13:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 10:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/14 08:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\command32.com

[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009/04/20 02:35:04 | 000,126,976 | ---- | C] () -- C:\Windows\gdf.dll

[2008/04/14 10:34:54 | 000,585,728 | ---- | C] () -- C:\Windows\System32\VTFLib.dll

[2007/08/13 04:24:02 | 000,081,920 | ---- | C] () -- C:\Windows\System32\TkTool.dll

[2006/11/11 00:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys

[2005/09/24 17:53:20 | 000,135,168 | ---- | C] () -- C:\Windows\System32\detfile.dll

[2005/09/01 02:43:10 | 000,522,752 | ---- | C] () -- C:\Windows\System32\p2xdll.dll

[2005/08/31 16:12:40 | 000,925,696 | ---- | C] () -- C:\Windows\System32\Flpcad.dll

[1996/04/04 06:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/11/20 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft

[2011/04/12 23:17:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.servetome-fontconfig

[2011/10/25 21:47:49 | 000,000,000 | RHSD | M] -- C:\Users\Tommy\AppData\Roaming\1012

[2011/04/12 23:17:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Acoustica

[2011/07/21 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Audacity

[2011/07/28 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Autodesk

[2011/04/12 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\avidemux

[2011/04/12 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Avnex

[2011/04/14 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\BugTrap Console Test108

[2011/04/12 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Caphyon

[2011/04/12 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/09 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CoreFTP

[2011/11/09 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Lite

[2011/11/09 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Pro

[2011/04/12 17:29:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Dev-Cpp

[2011/11/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DMCache

[2011/04/12 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Dropbox

[2011/08/18 12:26:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ESET

[2011/11/05 13:18:05 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\f-secure

[2011/04/12 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\FileZilla

[2011/04/12 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Folding@home-x86

[2011/09/27 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GameMaker

[2011/04/12 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GamesCafe

[2010/08/01 09:11:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GetRightToGo

[2010/07/07 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gnupg

[2011/04/12 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0

[2011/04/12 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Gyazo

[2011/08/28 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Hex-Rays

[2011/11/01 19:48:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Hive Cluster

[2011/04/14 02:22:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ICSharpCode

[2011/11/22 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\IDM

[2011/04/12 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ImTOO Software Studio

[2010/08/24 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\IrfanView

[2011/04/12 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\JaMP Player

[2011/08/21 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\JetBrains

[2011/10/18 16:46:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\JustDecompile

[2011/04/12 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Leadertech

[2011/09/01 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient

[2011/04/12 23:18:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mael

[2011/04/12 23:18:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\MAGIX

[2011/04/12 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\MessengerDiscovery 2

[2011/11/22 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mipony

[2011/04/12 23:18:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\mkvtoolnix

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\MuldeR

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\MusicBrainz

[2011/08/07 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\netz

[2011/06/23 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++

[2011/10/04 00:39:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Origin

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PE Explorer

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PlatinumHideIP

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PowerCinema

[2010/08/13 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Publish Providers

[2011/10/10 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\QuickScan

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Rovio

[2011/08/21 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SciTech

[2011/04/12 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Screaming Bee

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Snapter Images

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Sony

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Subversion

[2011/11/03 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Synthesia

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SystemRequirementsLab

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer

[2011/06/02 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thinstall

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird

[2011/04/12 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TomTom

[2011/04/12 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Tonido

[2011/04/12 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Trillian

[2011/11/20 00:34:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client

[2011/04/12 23:18:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TuneUp Software

[2011/04/12 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Uniblue

[2011/04/12 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Unity

[2011/04/12 23:19:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Vso

[2011/04/12 23:19:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WindSolutions

[2011/10/17 16:09:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WinPatrol

[2011/11/15 17:38:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\X-Chat 2

[2011/11/23 16:01:00 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\AutoRearm.job

[2011/11/08 16:27:54 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 23/11/2011 4:04:59 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tommy\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 47.26% Memory free

6.99 Gb Paging File | 4.78 Gb Available in Paging File | 68.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 214.73 Gb Free Space | 72.06% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 845.40 Gb Free Space | 90.76% Space Free | Partition Type: NTFS

Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol

"{030FF28D-42E3-44C1-BDC6-7451CB89B41D}" = Exception Hunter 2

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{0552BD92-B707-42DE-B1A0-715FD56DEF08}" = Programming Editor

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch

"{082175CF-174B-47DC-B6A9-9AC1A9D66DD1}" = VideoMate U500 Family Driver

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0A9CEFAF-A83A-4473-87FA-E5BAF7CE8D5D}" = SlimDX SDK (March 2011)

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1034B036-EDC8-4CF1-83CC-859673F81A30}" = Eazfuscator.NET

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{17544ACA-6428-424B-926B-8751610836AE}" = TortoiseSVN 1.7.1.22161 (32 bit)

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7

"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22F97839-122D-4082-99D6-4AA6C36DF525}" = ESET Smart Security

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2392FE6E-3A6D-6CAC-DB03-59A68FE34A53}" = ATI Problem Report Wizard

"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 29

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{2A168DCB-EC12-C3D6-AC15-F276B3ED5165}" = AMD Media Foundation Decoders

"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2E2253E9-3EAD-D9DF-EDCA-A893551EB081}" = AMD Catalyst Install Manager

"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1

"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta

"{45C9DB7E-0C2D-FEB9-6191-3ED32ADC077F}" = ccc-utility

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CDC2E42-2EE6-4719-B038-E4F00A2881AE}" = ANTS Memory Profiler 7

"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client

"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10

"{5C46703D-92EE-40d9-BCF8-DEADBEEFBBBB}" = The Compressonator 1.50

"{5C9885BC-AE82-3E65-A77F-F5F0AFA1581E}" = Catalyst Control Center InstallProxy

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{617B349B-B3EF-DEA0-B862-AB7860AD8283}" = CCC Help English

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8D2705D8-9527-CC7B-3238-158350DAC184}" = ATI AVIVO Codecs

"{8DF3BC1D-4977-476A-A3E7-B8443B8BCBDB}" = AMD Drag and Drop Transcoding

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010

"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A1D14FC8-FF6E-4700-A501-BCAFD22B7D15}" = ActiveState ActivePython 2.6.5.14 (32-bit)

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A2CC79C0-D0AB-635E-1438-BB77A9661A6E}" = HydraVision

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A944C55A-ECF0-42A9-B66C-0225C6428720}" = Portal

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BFE4A2B6-4894-436C-8847-70FF3F18D892}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit

"{C10968FA-DAA0-4939-918D-F87453850545}" = Telerik RadControls for WinForms Q2 2010 SP2

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5

"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D52C4488-04B1-4986-85A1-6F811A655826}" = LEAD MCMP_MJPEG Codec

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DD047850-4CE3-4859-B0D8-9B2894F22E16}" = SmartAssembly 6

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E07F6BCF-0237-430B-AEC2-824BD009BBA7}" = .NET Reflector 6

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{F9A07813-F6A5-4B47-D833-13740767E04B}" = Catalyst Control Center

"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{FAA1581E-2C88-6910-BA69-447D63E8EF12}" = Catalyst Control Center Graphics Previews Common

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"3D Ripper DX_is1" = 3D Ripper DX v1.8.1

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4

"Afterburner" = MSI Afterburner 2.1.0

"AI RoboForm" = RoboForm 7-4-1 (All Users)

"ASIO4ALL" = ASIO4ALL

"AutoHotkey" = AutoHotkey 1.0.48.05.L61

"Battlelog Web Plugins" = Battlelog Web Plugins

"Captcha.trader Mipony Plugin" = Captcha.trader Mipony Plugin 1.0

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cheat Engine 6.1_is1" = Cheat Engine 6.1

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"CoreAAC" = CoreAAC

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17

"DAEMON Tools Lite" = DAEMON Tools Lite

"DotNetBar_is1" = DotNetBar v8.8.0.0

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"Dxtory2.0_is1" = Dxtory 2.0.109

"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4

"ESET Online Scanner" = ESET Online Scanner v3

"ESN Sonar-0.70.0" = ESN Sonar

"FLVCodec" = PlayFLV

"Fraps" = Fraps (remove only)

"Garena" = Garena 2010

"Hide Folders 2009_is1" = Hide Folders 2009 3.2 for Windows XP/Vista

"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0

"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch

"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch

"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"Internet Download Manager" = Internet Download Manager

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0

"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a

"MagniDriver" = marvell 91xx driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MediaInfo" = MediaInfo 0.7.50

"Messenger Plus!" = Messenger Plus! 5

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"MiPony" = MiPony 1.5.2

"MKVtoolnix" = MKVtoolnix 3.3.0

"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)

"Notepad++" = Notepad++

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Office14.WORD" = Microsoft Word 2010

"OpenAL" = OpenAL

"Origin" = Origin

"PE Explorer_is1" = PE Explorer 1.99 R6

"PRGrep" = PRGrep

"py2exe-py2.6" = Python 2.6 py2exe-0.6.9

"RADVideo" = RAD Video Tools

"Recuva" = Recuva

"Sandboxie" = Sandboxie 3.58 (32-bit)

"Secunia PSI" = Secunia PSI (2.0.0.3001)

"SEF4_is1" = SizeExplorer Free 4.1

"sp6" = Logitech SetPoint 6.30

"SpeedConnect Internet Accelerator v.7.5_is1" = SpeedConnect Internet Accelerator v.7.5

"SpywareBlaster_is1" = SpywareBlaster 4.4

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 440" = Team Fortress 2

"StudioCompiler" = StudioCompiler v0.4A

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TeamViewer 6" = TeamViewer 6

"Thumbplug TGA" = Thumbplug TGA

"TomTom HOME" = TomTom HOME 2.7.6.2056

"TVersity Codec Pack" = TVersity Codec Pack 1.4

"Unlocker" = Unlocker 1.9.0

"VBConversions VB.Net to C# Converter_is1" = VBConversions VB.Net to C# Converter Version 2.30

"VirusTotalUploader2.0" = VirusTotal Uploader 2.0

"VTF Shell Extensions 1.0.6.1" = VTF Shell Extensions 1.0.6.1

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"winscp3_is1" = WinSCP 4.1.8

"XChat-WDK_is1" = XChat-WDK

"ZUploader_is1" = ZUploader 4.7.2.2905

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GameMaker81" = GameMaker 8.1

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 18/03/2011 1:24:16 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ProcessManager.exe, version: 10.0.3010.11,

time stamp: 0x4d5e6650 Faulting module name: rtl120.bpl, version: 12.0.3420.21218,

time stamp: 0x4a0b8b7f Exception code: 0xc0000005 Fault offset: 0x00027475 Faulting

process id: 0x75c Faulting application start time: 0x01cbe52cb2328df4 Faulting application

path: C:\Program Files\TuneUp Utilities 2011\ProcessManager.exe Faulting module

path: C:\Program Files\TuneUp Utilities 2011\rtl120.bpl Report Id: f78483d6-511f-11e0-9c2b-005056c00008

Error - 18/03/2011 1:24:39 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ProcessManager.exe, version: 10.0.3010.11,

time stamp: 0x4d5e6650 Faulting module name: rtl120.bpl, version: 12.0.3420.21218,

time stamp: 0x4a0b8b7f Exception code: 0xc0000005 Fault offset: 0x00027475 Faulting

process id: 0x15e0 Faulting application start time: 0x01cbe52cbfdcaded Faulting application

path: C:\Program Files\TuneUp Utilities 2011\ProcessManager.exe Faulting module

path: C:\Program Files\TuneUp Utilities 2011\rtl120.bpl Report Id: 04eba664-5120-11e0-9c2b-005056c00008

Error - 18/03/2011 5:10:43 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 1.9.2.4079,

time stamp: 0x4d6fb663 Faulting module name: NPSWF32.dll, version: 10.2.152.32,

time stamp: 0x4d648f0d Exception code: 0xc0000005 Fault offset: 0x00178b6a Faulting

process id: 0x16bc Faulting application start time: 0x01cbe52fa032e757 Faulting application

path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:

C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 999be022-513f-11e0-9a29-005056c00008

Error - 20/03/2011 6:28:49 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time

stamp: 0x4a5bccac Faulting module name: ntdll.dll, version: 6.1.7601.17514, time

stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting process

id: 0x14e0 Faulting application start time: 0x01cbe6e999d8927a Faulting application

path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: d7ccbe5f-52dc-11e0-b9ee-005056c00008

Error - 22/03/2011 7:08:31 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: egui.exe, version: 4.2.58.3, time stamp:

0x4c2305c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xf34 Faulting application

start time: 0x01cbe8575b0d708d Faulting application path: C:\Program Files\ESET\ESET

Smart Security\egui.exe Faulting module path: unknown Report Id: b815e61b-5474-11e0-9bfb-005056c00008

Error - 22/03/2011 8:13:51 PM | Computer Name = Tommy-PC | Source = VSTTExecution | ID = 0

Description =

Error - 23/03/2011 12:50:36 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: BlackOps.exe, version: 0.0.0.0, time stamp:

0x4ce4bc96 Faulting module name: BlackOps.exe, version: 0.0.0.0, time stamp: 0x4ce4bc96

Exception

code: 0x40000015 Fault offset: 0x002672e4 Faulting process id: 0x424 Faulting application

start time: 0x01cbe915b287bb94 Faulting application path: C:\Users\Tommy\Desktop\Black

Ops Modding\Call.of.Duty.Black.Ops.SKIDROW\BlackOps.exe Faulting module path: C:\Users\Tommy\Desktop\Black

Ops Modding\Call.of.Duty.Black.Ops.SKIDROW\BlackOps.exe Report Id: 17221dc9-5509-11e0-9941-005056c00008

Error - 23/03/2011 7:23:40 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: egui.exe, version: 4.2.58.3, time stamp:

0x4c2305c5 Faulting module name: MFC80U.DLL, version: 8.0.50727.4053, time stamp:

0x4a595928 Exception code: 0xc0000005 Fault offset: 0x000323b3 Faulting process id:

0xf90 Faulting application start time: 0x01cbe8d72d652626 Faulting application path:

C:\Program Files\ESET\ESET Smart Security\egui.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Report

Id: 0029f3e9-5540-11e0-9941-005056c00008

Error - 26/03/2011 11:30:07 PM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Crysis2.exe, version: 1.0.0.5858, time

stamp: 0x21544c46 Faulting module name: Crysis2.exe, version: 1.0.0.5858, time stamp:

0x21544c46 Exception code: 0xc0000005 Fault offset: 0x01055ea6 Faulting process id:

0xebc Faulting application start time: 0x01cbec1dfe7d9cb1 Faulting application path:

C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe Faulting module

path: C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe Report

Id: 8291485c-5822-11e0-9579-005056c00008

Error - 27/03/2011 1:39:13 AM | Computer Name = Tommy-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ts3client_win32.exe, version: 1.0.0.0,

time stamp: 0x4cd405af Faulting module name: fmodex.dll, version: 0.4.31.2, time

stamp: 0x4be340a5 Exception code: 0xc0000005 Fault offset: 0x0001e4f3 Faulting process

id: 0x16c0 Faulting application start time: 0x01cbec3db6ac1fce Faulting application

path: C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe Faulting module path:

C:\Program Files\TeamSpeak 3 Client\fmodex.dll Report Id: 8ba7ee62-5834-11e0-9579-005056c00008

[ System Events ]

Error - 22/11/2011 12:50:22 AM | Computer Name = Tommy-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 22/11/2011 12:50:56 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 22/11/2011 1:04:37 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 22/11/2011 1:04:46 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 22/11/2011 1:05:46 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Apple Mobile Device service,

but this action failed with the following error: %%1056

Error - 22/11/2011 4:41:02 AM | Computer Name = Tommy-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 22/11/2011 4:41:23 AM | Computer Name = Tommy-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:38:38 PM on ?11/?22/?2011 was unexpected.

Error - 22/11/2011 4:41:37 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 23/11/2011 1:00:21 AM | Computer Name = Tommy-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 23/11/2011 1:00:52 AM | Computer Name = Tommy-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

< End of report >


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-23 16:16:56

-----------------------------

16:16:56.741 OS Version: Windows 6.1.7601 Service Pack 1

16:16:56.741 Number of processors: 4 586 0x1E05

16:16:56.742 ComputerName: TOMMY-PC UserName: Tommy

16:16:58.449 Initialize success

16:17:12.640 AVAST engine defs: 11110900

16:17:15.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-9

16:17:15.240 Disk 0 Vendor: WDC_WD3200AAKS-00L9A0 01.03E01 Size: 305245MB BusType: 3

16:17:15.242 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5

16:17:15.244 Disk 1 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3

16:17:17.252 Disk 0 MBR read successfully

16:17:17.254 Disk 0 MBR scan

16:17:17.257 Disk 0 Windows 7 default MBR code

16:17:17.260 Disk 0 scanning sectors +625139712

16:17:17.341 Disk 0 scanning C:\Windows\system32\drivers

16:17:24.096 Service scanning

16:17:25.261 Modules scanning

16:17:29.889 Disk 0 trace - called modules:

16:17:29.911 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

16:17:29.915 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87684220]

16:17:29.918 3 CLASSPNP.SYS[8d3c559e] -> nt!IofCallDriver -> [0x86894918]

16:17:29.921 5 ACPI.sys[8cc953d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-9[0x8682e030]

16:17:31.024 AVAST engine scan C:\Windows

16:17:33.313 AVAST engine scan C:\Windows\system32

16:19:10.176 AVAST engine scan C:\Windows\system32\drivers

16:19:18.202 AVAST engine scan C:\Users\Tommy

16:30:34.086 AVAST engine scan C:\ProgramData

16:32:00.725 Scan finished successfully

16:32:30.157 Disk 0 MBR has been saved successfully to "C:\Users\Tommy\Desktop\MBR.dat"

16:32:30.160 The log file has been saved successfully to "C:\Users\Tommy\Desktop\aswMBR.txt"


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Tommy\AppData\Roaming\1012


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Also, just an update on the situation. I got it again yesterday:

15:17:13 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)

15:17:22 Tommy IP-BLOCK 220.248.167.237 (Type: outgoing, Port: 58409, Process: svchost.exe)


ComboFix 11-11-25.01 - Tommy 25/11/2011 21:02:49.3.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3579.2290 [GMT 11:00]

Running from: c:\users\Tommy\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tommy\AppData\Local\Topblast

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.4.exe_Url_0prmzhagor3ehuzajojzrra12k4m0tbr\5.4.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.4.exe_Url_i0ctalgow2zdzgbjp2yt220rnb0j3i4f\5.4.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.4.exe_Url_pikhlfjelditjcjduyjlxtopwfivjejb\5.4.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.4.exe_Url_vtdge3netsj2f3l2pygyewos3vn2t5sk\5.4.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.4_Extreme.ex_Url_5yt4et0duiewd42zc3thm3aani0psw0t\5.4.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_5.7_Extreme.ex_Url_tcrajupie4t2zjfgkchu0f0fub0mhheh\5.7.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_6.exe_Url_hqbcvcq3i042rkvhy3xpglunzhhnctvt\6.0.0.0\user.config

c:\users\Tommy\AppData\Local\Topblast\Red_Dragon_6.exe_Url_kr2hnajyopilb3plzk13x0m41vjlrskc\6.0.0.0\user.config

.

.

((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))

.

.

2011-11-25 10:09 . 2011-11-25 10:09 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-11-25 10:09 . 2011-11-25 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-25 10:09 . 2011-11-25 10:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-11-25 04:52 . 2011-11-25 04:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44BA8436-C749-4BC3-B6C5-10D5BB1F73EC}\offreg.dll

2011-11-23 05:04 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44BA8436-C749-4BC3-B6C5-10D5BB1F73EC}\mpengine.dll

2011-11-22 09:55 . 2011-11-22 09:55 -------- d-----w- c:\program files\ZUploader

2011-11-22 05:06 . 2011-11-22 05:06 -------- d-----w- c:\program files\iTunes

2011-11-22 05:06 . 2011-11-22 05:06 -------- d-----w- c:\program files\iPod

2011-11-14 13:39 . 2011-07-06 13:14 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2011-11-13 09:16 . 2011-11-13 09:16 -------- d-----w- c:\program files\RAM Def XT

2011-11-10 04:50 . 2011-11-10 07:15 -------- d-----w- c:\users\Tommy\AppData\Local\Akamai

2011-11-09 05:03 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 05:03 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 04:58 . 2011-11-09 04:58 -------- d-----w- c:\program files\Recuva

2011-11-09 04:55 . 2011-11-09 04:55 -------- d-----w- c:\program files\CCleaner

2011-11-05 22:56 . 2011-11-05 22:56 -------- d-----w- c:\program files\RADVideo

2011-11-05 02:18 . 2011-11-05 02:18 -------- d-----w- c:\users\Tommy\AppData\Roaming\f-secure

2011-11-05 02:15 . 2011-11-05 02:15 -------- d-----w- c:\programdata\F-Secure

2011-11-04 05:09 . 2011-11-04 05:09 -------- d-----w- c:\programdata\VS

2011-11-03 10:31 . 2011-11-03 10:38 -------- d-----w- c:\users\Tommy\AppData\Roaming\Synthesia

2011-11-03 09:43 . 2011-11-03 09:43 -------- d-----w- c:\program files\Programming Editor

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-11-03 06:37 . 2011-11-03 06:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-11-03 06:37 . 2011-11-03 06:37 -------- d-----w- c:\program files\QuickTime

2011-11-02 09:01 . 2011-11-02 09:01 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2011-11-02 09:01 . 2011-11-02 09:01 -------- d-----w- c:\program files\TortoiseSVN

2011-11-01 08:39 . 2011-11-01 08:48 -------- d-----w- c:\program files\Rock of Ages

2011-11-01 07:06 . 2011-11-01 07:10 -------- d--h--w- c:\windows\AxInstSV

2011-11-01 02:03 . 2011-11-01 02:03 -------- d-----w- c:\programdata\ATI

2011-11-01 02:02 . 2011-11-01 02:02 -------- d-----w- c:\program files\AMD APP

2011-11-01 01:58 . 2011-11-01 01:58 -------- d-----w- C:\ATI

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 21:38 . 2011-05-17 06:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-05 07:10 . 2010-11-21 04:46 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-11-04 05:25 . 2010-09-07 09:35 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2011-11-04 05:25 . 2010-07-13 06:20 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2011-11-04 05:14 . 2010-06-29 11:36 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-10-24 03:29 . 2011-10-24 03:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 03:29 . 2011-10-24 03:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\system32\frapsvid.dll

2011-10-12 20:55 . 2011-10-12 20:55 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14 . 2010-09-29 01:55 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10 . 2011-10-12 20:10 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09 . 2011-10-12 20:09 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08 . 2011-10-12 20:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-10-12 20:07 . 2011-10-12 20:07 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04 . 2010-09-29 01:46 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44 . 2011-07-08 03:00 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:39 . 2010-09-29 01:22 52736 ----a-w- c:\windows\system32\coinst.dll

2011-10-12 19:33 . 2011-07-08 02:55 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30 . 2011-10-12 19:30 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29 . 2010-09-29 01:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29 . 2010-09-29 01:13 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2011-10-12 05:16 . 2011-10-12 05:16 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 05:15 . 2011-10-12 05:15 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 05:14 . 2011-10-12 05:14 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-04 08:00 . 2011-10-05 12:22 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-10-04 03:00 . 2010-12-22 02:06 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-10-04 03:00 . 2010-12-22 02:18 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-10-04 03:00 . 2010-12-22 02:05 280904 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-10-04 02:54 . 2010-12-22 02:05 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-10-04 02:38 . 2010-04-11 02:52 138056 ----a-w- c:\users\Tommy\AppData\Roaming\PnkBstrK.sys

2011-10-04 02:38 . 2010-12-22 02:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-10-02 18:06 . 2010-04-19 10:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 04:57 . 2011-09-30 04:57 40960 ----a-r- c:\users\Tommy\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2011-09-30 04:57 . 2011-09-30 04:57 40960 ----a-r- c:\users\Tommy\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2011-09-26 01:33 . 2010-12-22 02:05 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2011-09-25 09:33 . 2011-10-05 12:22 216064 ----a-w- c:\windows\system32\lagarith.dll

2011-09-15 06:39 . 2011-09-15 06:39 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-09-01 02:35 . 2011-10-16 11:54 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-16 11:54 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-16 11:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 07:00 . 2011-03-05 22:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 12:05 . 2011-08-30 12:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 12:05 . 2011-08-30 12:05 73064 ----a-w- c:\windows\system32\dnssd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-12 23:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-17 107000]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]

"Steam"="h:\steam\steam.exe" [2011-10-23 1242448]

"IDMan"="c:\program files\Internet Download Manager\idman.exe" [2011-11-13 3437976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-16 113288]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

SetPoint.lnk - c:\program files\Logitech\SetPointP\SetPoint.exe [2011-6-24 1386776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-11 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

2011-11-13 19:52 3437976 ----a-w- c:\program files\Internet Download Manager\idman.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-05 691696]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2011-08-21 174008]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-16 101392]

R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.1\dbk32.sys [2011-06-11 72576]

R3 cpuz130;cpuz130;c:\users\Tommy\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]

R3 eqDlZWbrye;eqDlZWbrye;c:\users\Tommy\Desktop\MHS6.1\FIYOI [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-06 17488]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 KnFMFwYAL;KnFMFwYAL;c:\users\Tommy\Desktop\MHS6.1\OOGAKR [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-06-24 32256]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E60A.tmp [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-12 1343400]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Moo0\SystemMonitor 1.63\WinRing0.sys [x]

R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 ZgfbPKE;ZgfbPKE;c:\users\Tommy\Desktop\MHS6.1\EWKRD [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 366936]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-03 50624]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 20008]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-06 257064]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-03 118104]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-03 33656]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 464224]

S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-12 8598528]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-12 257024]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-15 232512]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 63872]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 141952]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-25 c:\windows\Tasks\AutoRearm.job

- c:\windows\AutoRearm\AutoRearm.exe [2011-10-16 07:35]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000Core.job

- c:\users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 05:52]

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752665119-1962638515-2146304993-1000UA.job

- c:\users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 05:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]

"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eqDlZWbrye]

"ImagePath"="\??\c:\users\Tommy\Desktop\MHS6.1\FIYOI"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KnFMFwYAL]

"ImagePath"="\??\c:\users\Tommy\Desktop\MHS6.1\OOGAKR"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\E60A.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ZgfbPKE]

"ImagePath"="\??\c:\users\Tommy\Desktop\MHS6.1\EWKRD"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3752665119-1962638515-2146304993-1000_Classes\CLSID\{01f3f54e-4872-4abc-8691-1979f83a4a36}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000cf

"Therad"=dword:0000001a

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_USERS\S-1-5-21-3752665119-1962638515-2146304993-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):51,a9,ee,4d,df,0d,f9,f3,a7,37,1f,3e,f0,71,54,c4,cb,e0,20,53,c9,

47,13,9b,87,f8,9c,65,c5,c7,7c,e4,fb,cf,6f,0a,f5,8e,dc,11,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-25 21:11:12

ComboFix-quarantined-files.txt 2011-11-25 10:11

.

Pre-Run: 229,646,585,856 bytes free

Post-Run: 230,137,737,216 bytes free

.

- - End Of File - - D4F166478EFA4D25C04F29A84F9C0C72


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
