Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Hijack this log


Recommended Posts

Posted

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 16:56:26, on 2011-1-15

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Acer Bio Protection\CompPtcVUI.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Acer Bio Protection\BASVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Spybot

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Acer Bio Protection\PdtWzd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Users\owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

 

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Save Image To humyo.com -

O8 - Extra context menu item: Save Target To humyo.com -

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}ONLINESCANNER.OnlineScannerCtrl.1 - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: humyo.com (humyo.com) - humyo.com Ltd. - C:\Program Files\humyo SmartDrive\hrfscore.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

 

 

Internet access very jumpy. Speedtest shows connection from 1MB to 32MB on an 8MB connection

Posted

DDS (Ver_10-12-12.02) - NTFSx86

Run by owner at 17:03:32.29 on 15/01/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2270.970 [GMT 0:00]

 

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Acer Bio Protection\CompPtcVUI.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Acer Bio Protection\BASVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\owner\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Save Image To humyo.com

IE: Save Target To humyo.com

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 http://www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\39fui9ve.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - http://www.google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=

FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\39fui9ve.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Nectar Search Toolbar: {841468a1-d7f4-4bd3-84e6-bb0f13a06c64} - %profile%\extensions\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}

FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

 

============= SERVICES / DRIVERS ===============

 

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 64608]

R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33744]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-10-25 101904]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-22 671488]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-3 119256]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-8 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-8 8456]

S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [2010-9-4 144368]

 

=============== File Associations ===============

 

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

 

=============== Created Last 30 ================

 

2011-01-15 14:24:33 -------- d-----w- c:\users\owner\Backups

2011-01-15 14:23:20 -------- d-----w- c:\users\owner\appdata\roaming\Comodo

2011-01-15 14:16:02 24383 ----a-w- c:\windows\cscmondump.bin

2011-01-15 14:09:57 -------- d-----w- c:\program files\COMODO

2011-01-15 14:09:28 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-01-15 13:38:22 -------- d-----w- c:\program files\Veetle

2011-01-15 13:01:08 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{20ca2b37-9673-4dc0-8a16-e43cbba45d3e}\mpengine.dll

2011-01-10 16:54:57 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys

2011-01-10 16:54:56 -------- d-----w- c:\program files\Soluto

2011-01-10 16:53:18 -------- d-----w- c:\progra~2\Soluto

2011-01-08 16:13:16 -------- d-----w- c:\users\owner\appdata\roaming\Zoner

2011-01-08 16:13:15 -------- d-----w- c:\users\owner\appdata\local\Zoner

2011-01-08 16:11:44 -------- d-----w- c:\program files\Zoner

2011-01-08 16:00:49 -------- d-----w- c:\program files\1-abc

2011-01-08 11:22:30 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-01-08 11:22:30 -------- d-----w- c:\program files\MagicDisc

2011-01-03 16:44:54 -------- d-----w- c:\program files\iSkysoft

2011-01-02 16:26:11 -------- d-----w- c:\windows\system32\oodag

2011-01-02 16:22:07 -------- d-----w- c:\users\owner\appdata\local\O&O

2011-01-02 16:21:41 -------- d-----w- c:\program files\OO Software

2011-01-02 16:20:48 -------- d-----w- c:\users\owner\appdata\local\Downloaded Installations

2010-12-31 14:08:08 -------- d-----w- c:\users\owner\appdata\roaming\DVDVideoSoftIEHelpers

2010-12-31 14:06:19 -------- d-----w- c:\users\owner\appdata\roaming\DVDVideoSoft

2010-12-31 14:06:09 -------- d-----w- c:\program files\common files\DVDVideoSoft

2010-12-31 14:06:04 -------- d-----w- c:\program files\DVDVideoSoft

2010-12-25 00:56:04 -------- d-----w- c:\program files\iPod

2010-12-25 00:56:03 -------- d-----w- c:\program files\iTunes

2010-12-25 00:56:03 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-12-19 12:07:58 -------- d-----w- c:\users\owner\appdata\roaming\Sports Interactive

2010-12-19 12:07:58 -------- d-----w- c:\users\owner\appdata\local\Sports Interactive

2010-12-19 11:11:42 453456 ----a-w- c:\windows\d3dx10_41.dll

2010-12-19 11:11:38 4178264 ----a-w- c:\windows\D3DX9_41.dll

2010-12-19 08:28:59 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com

2010-12-19 08:28:19 -------- d-----w- c:\program files\SUPERAntiSpyware

 

==================== Find3M ====================

 

2011-01-08 20:11:21 87608 ----a-w- c:\users\owner\appdata\roaming\inst.exe

2011-01-08 20:11:21 47360 ----a-w- c:\users\owner\appdata\roaming\pcouffin.sys

2010-12-09 19:23:46 157777 ----a-w- c:\progra~2\bdinstall.bin

2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-25 20:31:27 691 ----a-w- c:\users\owner\appdata\roaming\GetValue.vbs

2010-11-25 20:31:27 35 ----a-w- c:\users\owner\appdata\roaming\SetValue.bat

2010-11-25 20:31:26 1958 ----a-w- c:\windows\system32\tmp.reg

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll

2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll

2010-10-28 12:23:06 2217088 ----a-w- c:\windows\system32\BootMan.exe

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

 

============= FINISH: 17:11:34.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/09/2010 13:33:10

System Uptime: 15/01/2011 16:27:26 (1 hours ago)

 

Motherboard: Acer, Inc. | | Capitan

Processor: AMD Athlon X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 298 GiB total, 148.831 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM (CDFS)

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

 

Class GUID:

Description:

Device ID: ROOT\SYSTEM\0001

Manufacturer:

Name:

PNP Device ID: ROOT\SYSTEM\0001

Service:

 

Class GUID:

Description:

Device ID: ROOT\LEGACY_LAVASOFT_KERNEXPLORER\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_LAVASOFT_KERNEXPLORER\0000

Service:

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Acer Bio Protection

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.5

Advanced SystemCare 3

Akamai NetSession Interface

AMD USB Filter Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

µTorrent

AuthenTec Fingerprint Software

Bonjour

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

COMODO System-Cleaner

ConvertXtoDVD 4.1.2.336

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

doPDF 7.1 printer

Dropbox

DVD Identifier

DVD Shrink 3.2

EASEUS Partition Master 6.5.1 Professional

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Print CD

EPSON PX650 Series Printer Uninstall

EPSON Scan

ESET Online Scanner v3

File Shredder 2.0

Fingerprint Solution

Free Studio version 5.0.3

Google Chrome

Google Earth

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

High-Definition Video Playback 10

humyo SmartDrive

iDump (Freeware) Build:31

ImgBurn

IObit Security 360

iSkysoft Video Converter(Build 2.2.0.0)

iTunes

Java Auto Updater

Java 6 Update 20

Java 6 Update 21

JMicron Flash Media Controller Driver

K-Lite Codec Pack 4.0.0 (Full)

Kaspersky Internet Security 2011

Launch Manager

MagicDisc 2.7.106

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.12)

Mozilla Thunderbird (3.1.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nitro PDF Reader

novaPDF Lite Desktop 7.1 printer

O&O Defrag Professional

PeerBlock 1.1 (r518)

QuickTime

Realtek High Definition Audio Driver

Recuva

Revo Uninstaller 1.91

Smart Defrag

Software Informer 1.0 BETA

Soluto

Spybot - Search & Destroy

SUPERAntiSpyware

Synaptics Pointing Device Driver

System TuneUp

TeamViewer 5

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

Uniblue SpeedUpMyPC

Uninstall 1.0.0.1

Unlocker 1.9.0

Upgrade Kit

Veetle TV 0.9.18

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.1.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

WinFF 1.3.1

WinRAR

Wise Disk Cleaner 5.71

Xvid 1.2.2 final uninstall

Youtube Downloader HD v. 2.2

Zoner Photo Studio 12

 

==== End Of File ===========================

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

8. Please do not run any other tools unless requested by myself.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

****************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

 

******************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

**********************************************

P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Posted

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/22/2011 at 04:32 PM

 

Application Version : 4.47.1000

 

Core Rules Database Version : 6214

Trace Rules Database Version: 4026

 

Scan type : Complete Scan

Total Scan Time : 02:46:07

 

Memory items scanned : 471

Memory threats detected : 0

Registry items scanned : 9017

Registry threats detected : 0

File items scanned : 114290

File threats detected : 3

 

Adware.Tracking Cookie

media1.break.com [ C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\47L5SUZK ]

secure-us.imrworldwide.com [ C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\47L5SUZK ]

http://www.naiadsystems.com [ C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\47L5SUZK ]

Posted

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

 

Kaspersky crashed the other day after I posted first logs. Could not recover it or reinstal it so installed avast free and pctools firewall

Posted
I still need the MBAM log.

 

Just finished

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5571

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

22/01/2011 18:55:17

mbam-log-2011-01-22 (18-55-17).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 269180

Time elapsed: 2 hour(s), 13 minute(s), 46 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

Download OTL to your desktop.

 

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

* When the window appears, underneath Output at the top change it to Minimal Output.

* Check the boxes beside LOP Check and Purity Check.

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

 

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

 

Please copy and pate the contents of these files, one at a time, into your next reply.

 

Note: You may need two or more posts to fit them all in.

Posted

OTL Extras logfile created on: 22/01/2011 19:21:42 - Run 1

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\owner\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free

5.00 Gb Paging File | 3.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 141.06 Gb Free Space | 47.34% Space Free | Partition Type: NTFS

Drive F: | 2.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0x00000000

"FirewallDisableNotify" = 0x00000000

"UpdatesDisableNotify" = 0x00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0DCF3CFB-0FB6-01DF-AA2B-3DBC40A5839F}" = Catalyst Control Center Graphics Full Existing

"{10035C61-374F-4E19-3DE6-FFAD64F20152}" = CCC Help Portuguese

"{1107B37C-A748-A839-7B95-C22668E84446}" = CCC Help Chinese Standard

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{172BE173-7514-13D8-26A0-21BE6D02849A}" = CCC Help Finnish

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1BB4C660-E5E0-8C76-52CA-861A3F1C122C}" = CCC Help Dutch

"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{1FA94A28-5D32-CDC3-4FC7-F8AB6842AB55}" = CCC Help Japanese

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 23

"{26E5F8B6-CB96-D266-6631-C2E998138A48}" = CCC Help Thai

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{2C997A7A-B527-6250-B6FE-696E72290CCF}" = CCC Help German

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3143EA78-CF29-631E-DD1D-E567A0939D73}" = Catalyst Control Center Graphics Light

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36A98148-A6B5-EBA5-6353-9833C7F5C06E}" = Catalyst Control Center Graphics Full New

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{3B9D1BC9-B8FE-4CD8-945F-A72897E904B6}" = Soluto

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DBA8005-4659-C0C2-32FC-CCAEBA155AC6}" = CCC Help Russian

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{453DC0A2-6F09-FCEC-57A0-2B3540B363B4}" = CCC Help Korean

"{46E6CCE4-99DA-F751-555A-A83D08727108}" = CCC Help Polish

"{48FD7162-300B-FBD6-BBF1-E787DCA61C02}" = CCC Help Swedish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5239B19E-21EE-327A-7F8A-47ABC68BA306}" = CCC Help English

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{6560081A-2245-41B9-CF3C-7EA6C9BEAE51}" = Catalyst Control Center Localization All

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6C810E30-FC8A-7059-5752-8800FCA6203C}" = CCC Help Chinese Traditional

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6E699A98-4FDF-AC94-8F2B-8ECCAC09794A}" = ccc-utility

"{6E810309-4B18-4DC4-A383-F0FB830B02B1}" = AuthenTec Fingerprint Software

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{75EF9F92-76D4-F910-6A98-AE8F2EBF99BB}" = ccc-core-static

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7BC46298-4325-EDF3-D3EA-C39390B315AF}" = CCC Help Turkish

"{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}" = O&O Defrag Professional

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB39BF09-4A6D-4D5A-C18C-5FA93ACA7AEF}" = Catalyst Control Center InstallProxy

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B2717DE0-E633-F8A5-727A-30EE10F85932}" = CCC Help Norwegian

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C0AF9DFE-8B2A-4AC4-22B8-F0EF518C8443}" = CCC Help Greek

"{C12F5BC8-AA4A-6046-2C5C-5822317733CD}" = CCC Help French

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6A037B6-C14B-D618-01F2-75F7C6DFF69E}" = CCC Help Danish

"{C7C7ABDD-3787-A13B-1F47-27CA9C39DB96}" = CCC Help Spanish

"{C9FD8F40-C7BB-A23E-4C87-57485D7501EF}" = CCC Help Czech

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB44C345-3CD6-0076-D710-47936E6B4BA6}" = CCC Help Hungarian

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DDB21979-9370-4D64-A54C-BE43F2282F18}" = Nitro PDF Reader

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E2DFCB25-A7CE-AEF9-99C2-2421F076C840}" = CCC Help Italian

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC

"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:31

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EFBB78E7-56FF-9793-E36D-E2F4FEEFB6C7}" = ATI Catalyst Install Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Akamai" = Akamai NetSession Interface

"avast5" = avast! Free Antivirus

"CCleaner" = CCleaner

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"doPDF 7 printer_is1" = doPDF 7.1 printer

"DVD Identifier_is1" = DVD Identifier

"DVD Shrink_is1" = DVD Shrink 3.2

"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.5.1 Professional

"EPSON PX650 Series" = EPSON PX650 Series Printer Uninstall

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"File Shredder_is1" = File Shredder 2.0

"Football Manager 2010" = Football Manager 2010

"Free Studio_is1" = Free Studio version 5.0.3

"HFRS_is1" = humyo SmartDrive

"ImgBurn" = ImgBurn

"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"IObit Security 360_is1" = IObit Security 360

"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.2.0.0)

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)

"LManager" = Launch Manager

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)

"novaPDF Lite Desktop 7 printer_is1" = novaPDF Lite Desktop 7.1 printer

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0

"Recuva" = Recuva

"Revo Uninstaller" = Revo Uninstaller 1.91

"Smart Defrag_is1" = Smart Defrag

"Software Informer_is1" = Software Informer 1.0 BETA

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"System TuneUp_is1" = System TuneUp

"TeamViewer 5" = TeamViewer 5

"TomTom HOME" = TomTom HOME 2.7.6.2056

"Uninstall_is1" = Uninstall 1.0.0.1

"Unlocker" = Unlocker 1.9.0

"uTorrent" = µTorrent

"Veetle TV" = Veetle TV 0.9.18

"VLC media player" = VLC media player 1.1.5

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinFF_is1" = WinFF 1.3.1

"WinLiveSuite" = Windows Live Essentials

"WinRAR" = WinRAR

"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.71

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2

"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 17/01/2011 09:01:37 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3058

Description =

 

Error - 17/01/2011 09:01:37 | Computer Name = owner-PC | Source = Windows Search Service | ID = 7010

Description =

 

Error - 17/01/2011 11:26:41 | Computer Name = owner-PC | Source = VSS | ID = 8194

Description =

 

Error - 19/01/2011 02:49:58 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: AtService.exe, version: 8.5.2.3, time stamp:

0x4a794298 Faulting module name: AtService.exe, version: 8.5.2.3, time stamp: 0x4a794298

Exception

code: 0x40000015 Fault offset: 0x000d64a4 Faulting process id: 0x394 Faulting application

start time: 0x01cbb7a508bd9610 Faulting application path: C:\Program Files\Fingerprint

Sensor\AtService.exe Faulting module path: C:\Program Files\Fingerprint Sensor\AtService.exe

Report

Id: 54262af2-2398-11e0-8ee5-00238bee7c86

 

Error - 19/01/2011 02:53:43 | Computer Name = owner-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 1.9.2.3989 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 16c0 Start

Time: 01cbb7a57ec82c6f Termination Time: 177 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: d46b187e-2398-11e0-8ee5-00238bee7c86

 

Error - 19/01/2011 08:48:02 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: AtService.exe, version: 8.5.2.3, time stamp:

0x4a794298 Faulting module name: AtService.exe, version: 8.5.2.3, time stamp: 0x4a794298

Exception

code: 0x40000015 Fault offset: 0x000d64a4 Faulting process id: 0x3a0 Faulting application

start time: 0x01cbb7d70dec2c59 Faulting application path: C:\Program Files\Fingerprint

Sensor\AtService.exe Faulting module path: C:\Program Files\Fingerprint Sensor\AtService.exe

Report

Id: 59619331-23ca-11e0-bdaf-00238bee7c86

 

Error - 20/01/2011 04:29:46 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: AtService.exe, version: 8.5.2.3, time stamp:

0x4a794298 Faulting module name: AtService.exe, version: 8.5.2.3, time stamp: 0x4a794298

Exception

code: 0x40000015 Fault offset: 0x000d64a4 Faulting process id: 0x3a4 Faulting application

start time: 0x01cbb87c21810dd6 Faulting application path: C:\Program Files\Fingerprint

Sensor\AtService.exe Faulting module path: C:\Program Files\Fingerprint Sensor\AtService.exe

Report

Id: 6fbb593e-246f-11e0-b1e4-00238bee7c86

 

Error - 20/01/2011 04:46:10 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: vlc.exe, version: 1.1.5.0, time stamp:

0x4cdec0ee Faulting module name: vlc.exe, version: 1.1.5.0, time stamp: 0x4cdec0ee

Exception

code: 0xc0000005 Fault offset: 0x000016e8 Faulting process id: 0x9ac Faulting application

start time: 0x01cbb87e769ae066 Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe

Faulting

module path: C:\Program Files\VideoLAN\VLC\vlc.exe Report Id: ba0d12c2-2471-11e0-b1e4-00238bee7c86

 

Error - 20/01/2011 04:46:44 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: vlc.exe, version: 1.1.5.0, time stamp:

0x4cdec0ee Faulting module name: vlc.exe, version: 1.1.5.0, time stamp: 0x4cdec0ee

Exception

code: 0xc0000005 Fault offset: 0x000016e8 Faulting process id: 0x15d4 Faulting application

start time: 0x01cbb87e8b94e777 Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe

Faulting

module path: C:\Program Files\VideoLAN\VLC\vlc.exe Report Id: ce3ac625-2471-11e0-b1e4-00238bee7c86

 

Error - 20/01/2011 04:47:00 | Computer Name = owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: vlc.exe, version: 1.1.5.0, time stamp:

0x4cdec0ee Faulting module name: vlc.exe, version: 1.1.5.0, time stamp: 0x4cdec0ee

Exception

code: 0xc0000005 Fault offset: 0x000016e8 Faulting process id: 0x13c0 Faulting application

start time: 0x01cbb87e96615832 Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe

Faulting

module path: C:\Program Files\VideoLAN\VLC\vlc.exe Report Id: d7ff11d1-2471-11e0-b1e4-00238bee7c86

 

[ Media Center Events ]

Error - 08/11/2010 21:34:45 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 01:34:45 - Error connecting to the internet. 01:34:45 - Unable

to contact server..

 

Error - 08/11/2010 21:34:58 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 01:34:50 - Error connecting to the internet. 01:34:50 - Unable

to contact server..

 

Error - 19/11/2010 19:04:26 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 23:04:22 - Error connecting to the internet. 23:04:22 - Unable

to contact server..

 

Error - 19/11/2010 19:15:46 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 23:04:39 - Error connecting to the internet. 23:04:39 - Unable

to contact server..

 

Error - 19/11/2010 20:15:47 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 00:15:47 - Error connecting to the internet. 00:15:47 - Unable

to contact server..

 

Error - 19/11/2010 20:15:58 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 00:15:53 - Error connecting to the internet. 00:15:53 - Unable

to contact server..

 

Error - 19/11/2010 21:16:05 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 01:16:05 - Error connecting to the internet. 01:16:05 - Unable

to contact server..

 

Error - 19/11/2010 21:16:16 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 01:16:10 - Error connecting to the internet. 01:16:10 - Unable

to contact server..

 

Error - 19/11/2010 22:16:22 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 02:16:22 - Error connecting to the internet. 02:16:22 - Unable

to contact server..

 

Error - 19/11/2010 22:16:30 | Computer Name = owner-PC | Source = MCUpdate | ID = 0

Description = 02:16:27 - Error connecting to the internet. 02:16:27 - Unable

to contact server..

 

[ System Events ]

Error - 20/01/2011 04:29:02 | Computer Name = owner-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 20/01/2011 04:29:12 | Computer Name = owner-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 20/01/2011 04:29:27 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus Service service failed to start due to the

following error: %%2

 

Error - 20/01/2011 04:30:13 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7034

Description = The AuthenTec Fingerprint Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 20/01/2011 10:16:14 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SolutoService service.

 

Error - 20/01/2011 10:16:15 | Computer Name = owner-PC | Source = DCOM | ID = 10010

Description =

 

Error - 22/01/2011 04:52:50 | Computer Name = owner-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 22/01/2011 04:53:00 | Computer Name = owner-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 22/01/2011 04:53:15 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus Service service failed to start due to the

following error: %%2

 

Error - 22/01/2011 09:25:22 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the eventlog service.

 

 

< End of report >

Posted

OTL logfile created on: 22/01/2011 19:21:42 - Run 1

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\owner\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free

5.00 Gb Paging File | 3.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 141.06 Gb Free Space | 47.34% Space Free | Partition Type: NTFS

Drive F: | 2.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()

PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)

PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)

PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\IObit\IObit Security 360\is360.exe (IObit)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)

PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AVP) -- File not found

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()

SRV - (Cleaner_Validator) -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()

SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (humyo.com) -- C:\Program Files\humyo SmartDrive\hrfscore.exe (humyo.com Ltd.)

SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (IGBASVC) -- C:\Program Files\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)

SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (CFRPD) -- C:\Windows\System32\drivers\CFRPD.sys (Windows ® Win 7 DDK provider)

DRV - (CFRMD) -- C:\Windows\System32\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)

DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)

DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools)

DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)

DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (PCGenFAM) -- C:\Windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)

DRV - (hrfsmrx) -- C:\Windows\System32\Drivers\hrfsmrx.sys (humyo.com Ltd.)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)

DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()

DRV - (pctNdisMP) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools)

DRV - (pctNdis) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools)

DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)

DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)

DRV - (SBKUPNT) -- C:\Windows\System32\drivers\SBKUPNT.SYS ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 75 9B 73 D0 8C CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "eBay Negs"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {841468a1-d7f4-4bd3-84e6-bb0f13a06c64}:1.300.346

FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: twitzerTiny@shorttext.com:1.5

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p="

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 09:15:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 08:43:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/10 16:35:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/12/19 09:15:51 | 000,000,000 | ---D | M]

 

[2010/09/05 01:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

[2010/09/05 01:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/09/04 13:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2011/01/22 09:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions

[2011/01/17 11:41:21 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2010/12/22 20:35:34 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

[2010/12/31 13:28:17 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

[2010/12/10 17:47:05 | 000,000,000 | ---D | M] (Nectar Search Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}

[2010/12/31 14:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010/12/25 00:48:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/01/22 09:20:49 | 000,000,000 | ---D | M] (Twitzer - Twitter more!) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\extensions\twitzerTiny@shorttext.com

[2010/09/23 09:38:16 | 000,000,903 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\searchplugins\ebay-negs.xml

[2010/12/10 17:47:52 | 000,001,147 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\39fui9ve.default\searchplugins\yahoo-search.xml

[2011/01/18 08:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/18 16:05:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/04 16:16:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/01/18 08:49:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/12/09 19:42:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

[2010/12/09 19:42:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/07/23 00:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 00:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/23 00:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 00:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/01/22 10:03:13 | 000,428,727 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 http://www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 http://www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 http://www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 http://www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 http://www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 http://www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 http://www.100888290cs.com

O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 http://www.10sek.com

O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14759 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)

O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 08:30:42 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 12:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 13:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Posted

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/22 19:18:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2011/01/22 16:39:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/01/22 16:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/22 16:38:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/01/18 08:49:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/01/18 08:49:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/01/18 08:49:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/01/17 15:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive

[2011/01/17 15:31:27 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Sports Interactive

[2011/01/17 15:28:15 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll

[2011/01/17 15:28:14 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll

[2011/01/17 15:28:14 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll

[2011/01/17 15:28:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll

[2011/01/17 15:28:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll

[2011/01/17 15:28:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll

[2011/01/17 15:28:12 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll

[2011/01/17 15:28:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll

[2011/01/17 15:28:11 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll

[2011/01/17 15:28:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll

[2011/01/17 15:28:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll

[2011/01/17 15:28:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll

[2011/01/17 15:28:10 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll

[2011/01/17 15:28:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll

[2011/01/17 15:28:09 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll

[2011/01/17 15:28:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll

[2011/01/17 15:28:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll

[2011/01/17 15:28:08 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll

[2011/01/17 15:28:08 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll

[2011/01/17 15:28:07 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll

[2011/01/17 15:28:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll

[2011/01/17 15:28:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll

[2011/01/17 15:28:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll

[2011/01/17 15:28:06 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll

[2011/01/17 15:28:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll

[2011/01/17 15:28:05 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll

[2011/01/17 15:28:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll

[2011/01/17 15:28:05 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll

[2011/01/17 15:28:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll

[2011/01/17 15:28:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll

[2011/01/17 15:28:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll

[2011/01/17 15:28:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll

[2011/01/17 15:28:03 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll

[2011/01/17 15:28:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll

[2011/01/17 15:28:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll

[2011/01/17 15:28:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll

[2011/01/17 15:28:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll

[2011/01/17 15:28:00 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll

[2011/01/17 15:28:00 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll

[2011/01/17 15:28:00 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll

[2011/01/17 15:28:00 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll

[2011/01/17 15:27:59 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll

[2011/01/17 15:27:58 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll

[2011/01/17 15:27:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll

[2011/01/17 15:27:58 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

[2011/01/17 15:27:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll

[2011/01/17 15:27:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll

[2011/01/17 15:27:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll

[2011/01/17 15:27:54 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll

[2011/01/17 15:27:54 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll

[2011/01/17 15:27:53 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll

[2011/01/17 15:27:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll

[2011/01/17 15:27:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2011/01/17 15:27:51 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll

[2011/01/17 15:27:51 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll

[2011/01/17 15:27:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll

[2011/01/17 15:27:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll

[2011/01/17 15:27:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll

[2011/01/17 15:27:49 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll

[2011/01/17 15:27:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll

[2011/01/17 15:27:40 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2011/01/17 15:27:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll

[2011/01/17 15:27:39 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll

[2011/01/17 15:27:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll

[2011/01/17 15:27:39 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll

[2011/01/17 15:27:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll

[2011/01/17 15:27:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll

[2011/01/17 15:27:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll

[2011/01/17 15:27:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll

[2011/01/17 15:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive

[2011/01/17 15:19:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry

[2011/01/17 15:18:52 | 000,000,000 | -H-D | C] -- C:\Users\owner\InstallAnywhere

[2011/01/17 13:24:15 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2011/01/17 13:24:15 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2011/01/17 13:24:10 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2011/01/17 13:24:10 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2011/01/17 13:11:01 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011/01/17 13:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/01/17 13:11:00 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/01/17 13:10:54 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/01/17 13:10:50 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/01/17 13:10:47 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/01/17 13:10:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/01/17 13:10:15 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/01/17 13:09:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\PCToolsFirewallPlus

[2011/01/17 13:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus

[2011/01/17 13:09:00 | 000,089,192 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys

[2011/01/17 13:09:00 | 000,057,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys

[2011/01/17 13:09:00 | 000,032,808 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys

[2011/01/17 13:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2011/01/17 13:08:59 | 000,124,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys

[2011/01/17 13:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus

[2011/01/17 13:01:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2011/01/15 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\owner\Backups

[2011/01/15 14:23:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Comodo

[2011/01/15 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2011/01/15 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/01/15 14:09:28 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2011/01/15 13:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

[2011/01/11 23:21:43 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/11 23:21:39 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/01/11 23:21:39 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/01/11 23:21:39 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011/01/11 23:21:39 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/01/11 23:21:39 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/01/11 23:21:38 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll

[2011/01/11 23:21:38 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/01/11 23:21:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/01/11 23:21:38 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

[2011/01/11 23:21:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/01/11 23:21:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/01/11 23:21:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/01/10 16:54:57 | 000,181,704 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\PCGenFAM.sys

[2011/01/10 16:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto

[2011/01/10 16:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto

[2011/01/10 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto

[2011/01/08 16:14:14 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\ZPS12

[2011/01/08 16:13:16 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Zoner

[2011/01/08 16:13:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Zoner

[2011/01/08 16:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 12

[2011/01/08 16:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner

[2011/01/08 16:00:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-abc

[2011/01/08 16:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\1-abc

[2011/01/08 11:24:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/01/08 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/01/08 11:22:30 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys

[2011/01/08 11:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2011/01/07 13:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2011/01/03 16:48:43 | 022,996,174 | ---- | C] (iSkysoft Software ) -- C:\Users\owner\Documents\download.exe

[2011/01/03 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\iSkysoft Video Converter

[2011/01/03 16:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft

[2011/01/03 16:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\iSkysoft

[2011/01/02 16:26:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag

[2011/01/02 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\O&O

[2011/01/02 16:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software

[2011/01/02 16:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software

[2011/01/02 16:20:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Downloaded Installations

[2010/12/31 14:08:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/12/31 14:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2010/12/31 14:06:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DVDVideoSoft

[2010/12/31 14:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2010/12/31 14:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft

[2010/12/31 14:05:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\DVDVideoSoft

[2010/12/29 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2010/12/25 00:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2010/12/25 00:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/12/25 00:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/12/25 00:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/10 15:36:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\owner\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/22 19:46:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/22 19:27:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035037363-3567214866-567279524-1000UA.job

[2011/01/22 19:19:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2011/01/22 14:10:05 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\COMODO Updater.job

[2011/01/22 13:30:46 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/22 13:30:46 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/22 10:03:13 | 000,428,727 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/01/22 08:54:28 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job

[2011/01/22 08:53:23 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2011/01/22 08:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/22 08:53:00 | 1785,532,416 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/22 08:52:59 | 000,033,544 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2011/01/20 14:52:40 | 000,128,318 | ---- | M] () -- C:\Windows\cscmondump.bin

[2011/01/20 14:52:27 | 000,321,438 | ---- | M] () -- C:\Windows\CSC_ActiveCleanLog.dat

[2011/01/20 14:52:27 | 000,142,808 | ---- | M] () -- C:\Windows\CSC_ServiceDump.dat

[2011/01/17 13:11:02 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/01/17 13:10:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/01/15 14:36:24 | 000,000,124 | ---- | M] () -- C:\Users\owner\Documents\ax_files.xml

[2011/01/15 14:10:45 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\COMODO System-Cleaner.lnk

[2011/01/15 14:09:28 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2011/01/15 13:55:57 | 000,428,727 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110122-100312.backup

[2011/01/15 13:52:58 | 000,428,727 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110115-135557.backup

[2011/01/15 13:27:56 | 000,002,397 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk

[2011/01/15 12:54:27 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/01/13 08:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011/01/13 08:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011/01/11 21:27:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035037363-3567214866-567279524-1000Core.job

[2011/01/11 07:48:33 | 000,166,768 | ---- | M] () -- C:\Users\owner\Documents\sdfclfraud.docx

[2011/01/10 16:56:44 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/01/10 16:24:49 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job

[2011/01/10 16:24:47 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/01/10 16:24:47 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/01/10 15:14:16 | 000,167,054 | ---- | M] () -- C:\Users\owner\Documents\experian.docx

[2011/01/10 15:13:19 | 000,167,087 | ---- | M] () -- C:\Users\owner\Documents\ccredit.docx

[2011/01/10 15:12:19 | 000,167,002 | ---- | M] () -- C:\Users\owner\Documents\efax.docx

[2011/01/10 14:59:45 | 000,165,438 | ---- | M] () -- C:\Users\owner\Documents\mlhp.docx

[2011/01/09 09:31:31 | 000,001,889 | ---- | M] () -- C:\Users\owner\Desktop\PeerBlock.lnk

[2011/01/09 09:16:07 | 000,001,183 | ---- | M] () -- C:\Users\owner\Desktop\Downloads - Shortcut.lnk

[2011/01/08 20:11:21 | 000,087,608 | ---- | M] () -- C:\Users\owner\AppData\Roaming\inst.exe

[2011/01/08 20:11:21 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\owner\AppData\Roaming\pcouffin.sys

[2011/01/08 20:11:21 | 000,007,887 | ---- | M] () -- C:\Users\owner\AppData\Roaming\pcouffin.cat

[2011/01/08 20:11:21 | 000,001,144 | ---- | M] () -- C:\Users\owner\AppData\Roaming\pcouffin.inf

[2011/01/08 16:49:25 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/01/08 16:12:18 | 000,002,039 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 12.lnk

[2011/01/08 16:12:18 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk

[2011/01/08 11:24:17 | 000,000,923 | ---- | M] () -- C:\Users\owner\Desktop\MagicDisc.lnk

[2011/01/07 13:26:53 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/01/03 16:50:35 | 022,996,174 | ---- | M] (iSkysoft Software ) -- C:\Users\owner\Documents\download.exe

[2011/01/03 16:45:03 | 000,001,225 | ---- | M] () -- C:\Users\owner\Desktop\iSkysoft Video Converter.lnk

[2011/01/03 15:39:38 | 000,428,463 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110115-135258.backup

[2011/01/02 16:21:44 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk

[2010/12/31 14:07:56 | 000,001,197 | ---- | M] () -- C:\Users\owner\Desktop\DVDVideoSoft Free Studio.lnk

[2010/12/29 13:11:23 | 000,001,222 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk

[2010/12/25 00:57:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

 

========== Files Created - No Company Name ==========

 

[2011/01/17 13:11:02 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/01/15 16:18:15 | 000,321,438 | ---- | C] () -- C:\Windows\CSC_ActiveCleanLog.dat

[2011/01/15 16:18:15 | 000,142,808 | ---- | C] () -- C:\Windows\CSC_ServiceDump.dat

[2011/01/15 14:16:02 | 000,128,318 | ---- | C] () -- C:\Windows\cscmondump.bin

[2011/01/15 14:10:56 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\COMODO Updater.job

[2011/01/15 14:10:45 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\COMODO System-Cleaner.lnk

[2011/01/10 16:56:44 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/01/10 15:14:15 | 000,167,054 | ---- | C] () -- C:\Users\owner\Documents\experian.docx

[2011/01/10 15:13:18 | 000,167,087 | ---- | C] () -- C:\Users\owner\Documents\ccredit.docx

[2011/01/10 15:12:18 | 000,167,002 | ---- | C] () -- C:\Users\owner\Documents\efax.docx

[2011/01/10 14:59:44 | 000,165,438 | ---- | C] () -- C:\Users\owner\Documents\mlhp.docx

[2011/01/10 14:58:48 | 000,166,768 | ---- | C] () -- C:\Users\owner\Documents\sdfclfraud.docx

[2011/01/09 09:16:07 | 000,001,183 | ---- | C] () -- C:\Users\owner\Desktop\Downloads - Shortcut.lnk

[2011/01/08 16:12:18 | 000,002,039 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 12.lnk

[2011/01/08 16:12:18 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 12.lnk

[2011/01/08 11:24:17 | 000,000,923 | ---- | C] () -- C:\Users\owner\Desktop\MagicDisc.lnk

[2011/01/07 13:26:53 | 000,001,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2011/01/07 13:26:53 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/01/03 16:45:03 | 000,001,225 | ---- | C] () -- C:\Users\owner\Desktop\iSkysoft Video Converter.lnk

[2011/01/03 15:24:56 | 000,033,544 | ---- | C] () -- C:\Windows\System32\oodbs.lor

[2011/01/02 16:21:44 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk

[2010/12/31 14:07:56 | 000,001,197 | ---- | C] () -- C:\Users\owner\Desktop\DVDVideoSoft Free Studio.lnk

[2010/12/25 00:57:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/12/08 10:06:39 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2010/12/08 10:06:39 | 000,013,192 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2010/12/08 10:06:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2010/11/27 10:45:28 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache

[2010/11/25 20:31:27 | 000,000,691 | ---- | C] () -- C:\Users\owner\AppData\Roaming\GetValue.vbs

[2010/11/25 20:31:27 | 000,000,035 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SetValue.bat

[2010/11/12 12:23:13 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/11/10 16:46:35 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini

[2010/11/10 15:36:32 | 000,087,608 | ---- | C] () -- C:\Users\owner\AppData\Roaming\inst.exe

[2010/11/10 15:36:32 | 000,007,887 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.cat

[2010/11/10 15:36:32 | 000,001,144 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.inf

[2010/11/10 12:34:07 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/11/01 13:06:18 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010/10/09 16:02:56 | 000,000,417 | ---- | C] () -- C:\Windows\wininit.ini

[2010/10/09 15:22:33 | 000,157,777 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2010/09/29 19:54:51 | 000,001,057 | ---- | C] () -- C:\Users\owner\AppData\Roaming\vso_ts_preview.xml

[2010/09/05 13:43:47 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS

[2010/09/05 13:43:37 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI

[2010/09/03 18:04:03 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010/09/03 13:18:13 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/09/03 13:18:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/09/03 13:18:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010/09/03 13:18:07 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/09/03 13:18:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/09/03 13:18:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/09/11 12:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008/09/09 09:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll

[2008/09/09 09:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2008/03/12 11:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

 

========== LOP Check ==========

 

[2010/11/08 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AnvSoft

[2010/11/25 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BatteryBar

[2010/10/09 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Downloaded Installations

[2011/01/08 15:27:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dropbox

[2010/12/31 14:07:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DVDVideoSoft

[2010/12/31 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/11/06 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Easeware

[2010/10/20 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EPSON

[2010/10/08 12:42:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner

[2010/11/25 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HandBrake

[2010/12/02 13:09:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImgBurn

[2011/01/17 12:50:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IObit

[2010/09/03 18:17:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo

[2011/01/03 15:15:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nitro PDF

[2010/09/03 13:14:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org

[2010/09/18 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Passware

[2011/01/17 13:31:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PCToolsFirewallPlus

[2010/10/09 15:24:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\QuickScan

[2010/09/03 19:38:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Softland

[2010/12/08 10:02:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Software Informer

[2011/01/17 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sports Interactive

[2010/10/20 10:37:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Steganos VPN

[2010/11/25 22:00:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TeamViewer

[2010/09/05 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird

[2010/09/04 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TomTom

[2010/11/03 16:17:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TuneUp Software

[2010/11/06 16:27:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Uniblue

[2011/01/17 17:24:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\uTorrent

[2011/01/08 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Vso

[2010/12/30 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinFF

[2010/09/18 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Youtube Downloader HD

[2011/01/08 16:14:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Zoner

[2011/01/17 11:58:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ZumoCast

[2011/01/22 08:54:28 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job

[2011/01/22 08:53:23 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job

[2010/12/16 18:48:22 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/01/10 16:24:49 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E965A533

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C31F31E6

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

 

< End of report >

Posted

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value foundO3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value foundO4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

*******************************************************

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool.Vista and Windows7 run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Posted

All processes killed

Error: Unable to interpret <O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.> in the current context!

Error: Unable to interpret <O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value foundO3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value foundO4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!

Error: Unable to interpret <O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found> in the current context!

Error: Unable to interpret <O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found> in the current context!

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: owner

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1173213 bytes

->Java cache emptied: 28876 bytes

->FireFox cache emptied: 41821697 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 525312 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 42.00 mb

 

 

OTL by OldTimer - Version 3.2.20.4 log created on 01232011_091713

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Posted

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

 

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
     
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

    [*]If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry

    [*]To clean up these entries click on the Clean up checked items button

    [*]If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up

    [*]Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so

    [*]When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

.

Posted
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

    [*]If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry

    [*]To clean up these entries click on the Clean up checked items button

    [*]If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up

    [*]Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so

    [*]When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

.

 

 

Diferent set up it tried to install to programme files changed to root directory Running processes grey out.

Posted

Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Local\Temp\AT_seed29241.rnd

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\xq7pen2n.default\ImapMail\imap.mail.yahoo.com\Drafts.msf

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\temporary_folder_in_user_data_folder.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-assert.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-default.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-FILE_NAME_ERRORS.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-OPEN_FILE_CHANNEL.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-unit testing timings.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-unit testing errors.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-unit testing output.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-unit testing.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail availableArea: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-test log.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-machine.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Roaming\Sports Interactive\Installer Launcher \settings\Version 791\channel-MEMORY_CHANNEL.xml

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available) Area: Local hard drives

Description: Unknown hidden file

Location: C:\Windows\System32\drivers\sptd.sys

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)Area: Local hard drives

Description: Unknown hidden file

Location: C:\Users\owner\AppData\Local\Temp\AT_seed23083.rnd

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)

Posted

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 13:30:22, on 2011-1-24

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Acer Bio Protection\CompPtcVUI.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Acer Bio Protection\BASVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Spybot

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Acer Bio Protection\PwdBank.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}ONLINESCANNER.OnlineScannerCtrl.1 - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Unknown - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: humyo.com (humyo.com) - humyo.com Ltd. - C:\Program Files\humyo SmartDrive\hrfscore.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

Posted

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Posted

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe Win32/RegistryBooster application cleaned by deleting - quarantined

Posted

ran ccleaner

ran avast antivirus ok

ran 360 security ok (deleted 4 tracking cockies)

ran search and destroy ok

all above ran in safe mode

 

Deleted prefetch

deleted temp folder( empty thanks to ccleaner)

deleted all restore points.

 

Avast has just auto updated

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...