translation toolbar installed dropper and trojans

Post by makotochan on Fri 17 Dec 2010, 3:12 pm

First topic message reminder :

OTL logfile created on: 12/16/2010 10:14:05 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = E:\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 87.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 72.57 Gb Total Space | 8.70 Gb Free Space | 11.99% Space Free | Partition Type: NTFS
Drive D: | 79.81 Gb Total Space | 46.28 Gb Free Space | 57.98% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 497.46 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
Drive F: | 76.89 Gb Total Space | 73.98 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive G: | 76.17 Gb Total Space | 71.58 Gb Free Space | 93.96% Space Free | Partition Type: NTFS
Drive H: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THEMACHINE-PC | User Name: Makotochan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 22:12:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.com
PRC - [2010/12/13 19:23:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/13 19:23:59 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 22:12:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.com
MOD - [2010/12/05 14:48:49 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/06/10 16:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009/06/10 16:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 08:58:08 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2010/12/13 19:37:30 | 000,167,936 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Users\Makotochan\AppData\Local\Temp\F-Secure\Anti-Virus\fsblsrv.exe -- (F-Secure BlackLight Sensor)
SRV - [2010/12/10 18:57:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/01/12 07:15:52 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 08:22:36 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/09 17:13:46 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/23 18:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [1999/09/10 18:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 52 2C E3 9A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/29 12:42:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/05 14:48:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C465B7E3-4BFC-4EBD-B3C2-9767FA160916}: C:\Windows\system32\config\systemprofile\AppData\Local\{C465B7E3-4BFC-4EBD-B3C2-9767FA160916}\ [2010/12/11 16:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{11964B21-8964-4404-BEA9-BC5F895206E5}: C:\Users\Makotochan\AppData\Local\{11964B21-8964-4404-BEA9-BC5F895206E5} [2010/12/11 21:53:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/13 19:24:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/13 19:24:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Windows.old\Program Files\Mozilla Thunderbird\components [2010/12/10 19:08:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Windows.old\Program Files\Mozilla Thunderbird\plugins [2010/12/10 19:08:33 | 000,000,000 | ---D | M]

[2010/11/06 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Mozilla\Extensions
[2010/11/06 21:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Makotochan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/13 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Mozilla\Firefox\Profiles\lj2kfok5.default\extensions
[2010/11/17 22:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Makotochan\AppData\Roaming\Mozilla\Firefox\Profiles\lj2kfok5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/11/17 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Mozilla\Firefox\Profiles\lj2kfok5.default\extensions\djziggy@gmail.com
[2010/12/13 12:58:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/10 21:18:00 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/05/20 07:58:58 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Makotochan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare)
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell - "" = AutoRun
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: findad32 - (C:\Windows\system32\compPING.dll) - C:\Windows\SysWow64\compPING.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DA3FEEA-0EDE-73B4-DFB8-BB152E551EE4} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 03:35:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 03:35:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 03:35:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/15 03:35:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 03:35:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 03:35:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 03:35:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/15 03:35:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/15 03:35:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/15 03:35:54 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 03:35:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/15 03:35:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 03:35:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/15 03:35:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/15 03:35:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/15 03:35:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 03:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 03:35:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 03:35:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/15 03:35:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 03:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 03:35:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 03:35:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 03:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/15 03:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 03:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 03:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 03:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 03:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/13 19:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/12/13 11:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/11 21:53:27 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Local\{11964B21-8964-4404-BEA9-BC5F895206E5}
[2010/12/10 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/05 14:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/12/05 14:48:44 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/11/26 12:40:27 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Local\Apple Computer
[2010/11/26 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Roaming\Apple Computer
[2010/11/26 12:40:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/11/26 12:40:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/11/26 12:40:16 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/11/26 12:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/26 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/11/26 12:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/18 01:38:10 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Roaming\Nitro PDF
[2010/11/18 01:37:47 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2010/11/18 01:37:47 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2010/11/18 01:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2010/11/18 01:34:24 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Roaming\Downloaded Installations
[2010/11/18 01:20:58 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\Documents\Scanned Documents
[2010/11/18 01:19:53 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Local\metier2000Apps
[2010/11/18 01:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\metier2000Apps
[2010/11/18 01:05:13 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\AppData\Roaming\ScanToPDF_4
[2010/11/18 00:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\O Imaging Corporation
[2010/11/18 00:47:46 | 000,000,000 | ---D | C] --

makotochan

Rookie Surfer

Posts : 64
Joined : 2009-10-01
Operating System : Win7 pro 64bit, Win 7 Home on laptop



Re: translation toolbar installed dropper and trojans

Post by makotochan on Thu 30 Dec 2010, 3:56 pm

Ran ComboFix 4 times, same thing: it opens, when the progress bar gets to the end it crashes, then reboots, then it keeps rebooting 3 or 4 times, then is stable and may or may not reboot immediately.


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Fri 31 Dec 2010, 11:50 pm

Hello.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: translation toolbar installed dropper and trojans

Post by makotochan on Sat 01 Jan 2011, 7:12 pm

Computer will not stop booting... as soon as it gets to desktop it reboots.


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Sun 02 Jan 2011, 12:01 pm

Hello.
Try this.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.



Re: translation toolbar installed dropper and trojans

Post by makotochan on Tue 04 Jan 2011, 5:16 pm

Here is the OTLPE log:
OTL logfile created on: 1/4/2011 1:01:02 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 72.57 Gb Total Space | 9.49 Gb Free Space | 13.08% Space Free | Partition Type: NTFS
Drive D: | 79.81 Gb Total Space | 45.62 Gb Free Space | 57.16% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 481.56 Gb Free Space | 51.70% Space Free | Partition Type: NTFS
Drive F: | 76.89 Gb Total Space | 73.98 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive G: | 76.17 Gb Total Space | 71.57 Gb Free Space | 93.95% Space Free | Partition Type: NTFS
Drive M: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 08:58:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/02/24 18:46:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2010/12/10 18:57:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 15:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/01/12 07:15:52 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 08:22:36 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/11 05:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/28 11:40:58 | 002,018,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2009/09/26 01:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/23 18:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 19:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- C:\Windows\System32\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [1999/09/10 18:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 52 2C E3 9A CB 01 [binary data]
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




[2010/12/30 02:44:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 00:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/10 21:18:00 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/21 00:45:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKU\Makotochan_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [JP595IR86O] C:\Windows\TEMP\Phv.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Makotochan_ON_C..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Makotochan_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Makotochan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - M:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell - "" = AutoRun
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/31 01:25:05 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/24 03:41:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Makotochan\Desktop\OTL.com
[2010/12/22 00:19:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/19 00:39:56 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\Desktop\GooredFix Backups
[2010/12/19 00:39:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Makotochan\Desktop\GooredFix.exe
[2010/12/15 03:36:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2010/12/15 03:35:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 03:35:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 03:35:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2010/12/15 03:35:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 03:35:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 03:35:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 03:35:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/15 03:35:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/15 03:35:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 03:35:54 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 03:35:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 03:35:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 03:35:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/15 03:35:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/15 03:35:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 03:35:30 | 002,447,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2010/12/15 03:35:30 | 002,063,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2010/12/15 03:35:29 | 001,026,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 03:35:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/12/15 03:35:26 | 001,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2010/12/15 03:35:25 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/12/15 03:35:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 03:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 03:35:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 03:35:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/12/15 03:35:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 03:35:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 03:35:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 03:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 03:35:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2010/12/15 03:35:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 03:35:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2010/12/15 03:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 03:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 03:35:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 03:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 03:35:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/12/15 03:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 03:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 03:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/13 11:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/10 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/05 14:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/12/05 14:48:44 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/02/10 19:31:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2010/02/10 19:31:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2010/02/10 19:31:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2010/02/10 19:31:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2010/02/10 19:31:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2010/02/10 19:31:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2010/02/10 19:31:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2010/02/10 19:31:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2010/02/10 19:31:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2010/02/10 19:31:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2010/02/10 19:31:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2010/02/09 17:13:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Makotochan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/01 03:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/01 03:52:21 | 334,995,455 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:14:12 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/30 02:14:12 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/30 00:56:57 | 000,001,146 | ---- | M] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/21 00:45:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 00:38:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Makotochan\Desktop\GooredFix.exe
[2010/12/18 01:28:32 | 003,993,691 | ---- | M] () -- C:\Users\Makotochan\Desktop\commy.exe
[2010/12/16 22:35:46 | 000,000,804 | ---- | M] () -- C:\Users\Makotochan\Desktop\cpuz.exe - Shortcut.lnk
[2010/12/16 22:12:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Makotochan\Desktop\OTL.com
[2010/12/16 03:22:18 | 000,292,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/10 21:18:30 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | M] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/07 19:10:59 | 000,001,032 | ---- | M] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/12/07 19:10:59 | 000,001,008 | ---- | M] () -- C:\Users\Makotochan\Desktop\DVDFab 8.lnk
[2010/12/07 18:56:50 | 000,000,507 | ---- | M] () -- C:\Users\Makotochan\Desktop\Major Hell (E) - Shortcut.lnk
[2010/12/05 14:48:44 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/12/05 14:48:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/12/05 14:48:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll

========== Files Created - No Company Name ==========

[2010/12/19 23:47:08 | 000,001,146 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/18 01:44:08 | 003,993,691 | ---- | C] () -- C:\Users\Makotochan\Desktop\commy.exe
[2010/12/16 22:35:46 | 000,000,804 | ---- | C] () -- C:\Users\Makotochan\Desktop\cpuz.exe - Shortcut.lnk
[2010/12/10 21:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | C] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/07 18:56:50 | 000,000,507 | ---- | C] () -- C:\Users\Makotochan\Desktop\Major Hell (E) - Shortcut.lnk
[2010/11/12 21:26:16 | 000,000,098 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\fusioncache.dat
[2010/11/12 02:21:37 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 22:40:35 | 000,001,041 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\vso_ts_preview.xml
[2010/11/08 22:40:11 | 000,004,608 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 21:40:36 | 000,007,621 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\resmon.resmoncfg
[2010/06/27 13:27:06 | 000,000,383 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\burnaware.ini
[2010/02/10 19:31:14 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2010/02/10 19:31:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2010/02/10 19:31:14 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2010/02/10 19:31:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2010/02/10 19:31:14 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/02/10 19:31:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2010/02/09 17:14:12 | 000,000,034 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.log
[2010/02/09 17:13:46 | 000,099,384 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\inst.exe
[2010/02/09 17:13:46 | 000,007,859 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.cat
[2010/02/09 17:13:46 | 000,001,167 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.inf
[2010/02/07 23:10:28 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/06 01:30:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002/10/01 19:38:34 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== LOP Check ==========

[2010/11/18 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/18 01:36:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Downloaded Installations
[2010/06/17 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\DVDFab
[2010/02/06 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\ImgBurn
[2010/05/02 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Mobipocket
[2010/11/18 01:38:10 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Nitro PDF
[2010/05/02 22:48:03 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Nokia
[2010/02/15 00:00:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\OpenOffice.org
[2010/05/20 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\PC Suite
[2010/12/30 02:45:54 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\QuickScan
[2010/11/17 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Scan2PDF
[2010/11/18 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\ScanToPDF_4
[2010/11/06 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Thunderbird
[2010/12/29 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\uTorrent
[2010/12/07 19:11:00 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Vso
[2010/12/20 14:26:16 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
< End of report >

makotochan

Rookie Surfer

Posts : 64
Joined : 2009-10-01
Operating System : Win7 pro 64bit, Win 7 Home on laptop


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Wed 05 Jan 2011, 9:16 am

Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKU\.DEFAULT..\Run: [JP595IR86O] C:\Windows\TEMP\Phv.exe File not found

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: translation toolbar installed dropper and trojans

Post by makotochan on Wed 05 Jan 2011, 4:16 pm

========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.43.0 log created on 01052011_001349


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Thu 06 Jan 2011, 11:46 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: translation toolbar installed dropper and trojans

Post by makotochan on Sat 08 Jan 2011, 6:25 am

Tried to boot into Win7 Pro and it only reboots when it gets to the desktop. I can't get into Windows and I'm getting an error saying my S.M.A.R.T on my secondary slave is now bad, backup and remove drive ... this is getting crazy. Is there anything else I can do ... or should I scrap this installation and do a clean install?


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Sun 09 Jan 2011, 10:03 am

That choice is up to you. If you feel it's easier and quicker than this, then go for it.



Re: translation toolbar installed dropper and trojans

Post by makotochan on Mon 10 Jan 2011, 9:13 am

I would like to save this install. What is next?


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Mon 10 Jan 2011, 10:50 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.




Re: translation toolbar installed dropper and trojans

Post by makotochan on Mon 10 Jan 2011, 11:27 am

OTL logfile created on: 1/9/2011 7:19:35 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 481.52 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive D: | 72.57 Gb Total Space | 9.38 Gb Free Space | 12.92% Space Free | Partition Type: NTFS
Drive J: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 08:58:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto] -- D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/02/24 18:46:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FXSSVC.exe -- (Fax)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto] -- D:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2010/12/10 18:57:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto] -- D:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 15:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto] -- D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/01/12 07:15:52 | 000,071,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- D:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 08:22:36 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/11 05:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/28 11:40:58 | 002,018,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2009/09/26 01:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/23 18:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- D:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 19:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- D:\Windows\System32\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- D:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [1999/09/10 18:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto] -- D:\Windows\SysWow64\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 52 2C E3 9A CB 01 [binary data]
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




[2010/12/30 02:44:49 | 000,000,000 | ---D | M] -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:20:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 00:19:21 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/10 21:18:00 | 000,001,919 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/01/05 00:13:50 | 000,000,098 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKU\Makotochan_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLCXCATS] D:\Windows\System32\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] D:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] D:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] D:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe File not found
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [JP595IR86O] D:\Windows\TEMP\Phv.exe File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Makotochan_ON_D..\Run: [PC Suite Tray] D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Makotochan_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Makotochan_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - D:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (pku2u) - D:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - D:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/01/04 23:55:40 | 000,553,984 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2011/01/04 23:55:36 | 000,000,000 | ---D | C] -- D:\_OTL
[2010/12/31 01:25:05 | 000,000,000 | R--D | C] -- D:\32788R22FWJFW
[2010/12/22 00:19:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2010/12/15 03:36:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tzres.dll
[2010/12/15 03:35:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskschd.dll
[2010/12/15 03:35:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wmicmiplugin.dll
[2010/12/15 03:35:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskeng.exe
[2010/12/15 03:35:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\taskschd.dll
[2010/12/15 03:35:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskcomp.dll
[2010/12/15 03:35:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\taskcomp.dll
[2010/12/15 03:35:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\schtasks.exe
[2010/12/15 03:35:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\schtasks.exe
[2010/12/15 03:35:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2010/12/15 03:35:54 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\atmfd.dll
[2010/12/15 03:35:54 | 000,046,080 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2010/12/15 03:35:54 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\SysWow64\atmlib.dll
[2010/12/15 03:35:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\webio.dll
[2010/12/15 03:35:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\webio.dll
[2010/12/15 03:35:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2010/12/15 03:35:30 | 002,447,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iertutil.dll
[2010/12/15 03:35:30 | 002,063,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iertutil.dll
[2010/12/15 03:35:29 | 001,026,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstime.dll
[2010/12/15 03:35:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstime.dll
[2010/12/15 03:35:26 | 001,194,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wininet.dll
[2010/12/15 03:35:25 | 000,978,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wininet.dll
[2010/12/15 03:35:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2010/12/15 03:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2010/12/15 03:35:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll
[2010/12/15 03:35:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iedkcs32.dll
[2010/12/15 03:35:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2010/12/15 03:35:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2010/12/15 03:35:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2010/12/15 03:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2010/12/15 03:35:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2010/12/15 03:35:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2010/12/15 03:35:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtml.tlb
[2010/12/15 03:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2010/12/15 03:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2010/12/15 03:35:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2010/12/15 03:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2010/12/15 03:35:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jsproxy.dll
[2010/12/15 03:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2010/12/15 03:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 03:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2010/12/13 11:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/10 19:08:14 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\QuickTime
[2010/12/05 14:48:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\xing shared
[2010/12/05 14:48:44 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | C] (Progressive Networks) -- D:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5032.dll
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- D:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- D:\Windows\SysWow64\QuickTime.qts
[2010/11/26 12:40:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- D:\Windows\System32\GEARAspi64.dll
[2010/11/26 12:40:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- D:\Windows\SysWow64\GEARAspi.dll
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2010/11/26 12:38:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Apple Software Update
[2010/11/26 12:37:24 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Bonjour
[2010/11/18 01:37:47 | 000,028,992 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon.dll
[2010/11/18 01:37:47 | 000,017,216 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui.dll
[2010/11/18 00:55:06 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\O Imaging Corporation
[2010/11/18 00:28:02 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\acaptuser32.dll
[2010/11/17 21:47:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SimpleOCR
[2010/11/17 21:16:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Acro Software
[2010/11/13 21:13:51 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Google
[2010/11/12 02:21:05 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\URTTEMP
[2010/11/11 22:40:09 | 000,626,688 | ---- | C] (On2.com) -- D:\Windows\SysWow64\vp7vfw.dll
[2010/11/11 22:40:09 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv43260.dll
[2010/11/11 22:40:09 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv33260.dll
[2010/11/11 22:40:09 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv23260.dll
[2010/11/11 22:40:09 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\sipr3260.dll
[2010/11/11 22:40:09 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\cook3260.dll
[2010/11/11 22:40:08 | 001,184,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wvc1dmod.dll
[2010/11/11 22:40:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\VSO
[2010/11/11 20:58:41 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Pando Networks
[2010/02/10 19:31:14 | 001,224,704 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxserv.dll
[2010/02/10 19:31:14 | 000,991,232 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxusb1.dll
[2010/02/10 19:31:14 | 000,696,320 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxhbn3.dll
[2010/02/10 19:31:14 | 000,684,032 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxcomc.dll
[2010/02/10 19:31:14 | 000,643,072 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxpmui.dll
[2010/02/10 19:31:14 | 000,585,728 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxlmpm.dll
[2010/02/10 19:31:14 | 000,421,888 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxcomm.dll
[2010/02/10 19:31:14 | 000,413,696 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxinpa.dll
[2010/02/10 19:31:14 | 000,397,312 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxiesc.dll
[2010/02/10 19:31:14 | 000,163,840 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxprox.dll
[2010/02/10 19:31:14 | 000,094,208 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxpplc.dll

========== Files - Modified Within 60 Days ==========

[2011/01/09 17:04:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/01/09 17:04:26 | 334,995,455 | -HS- | M] () -- D:\hiberfil.sys
[2011/01/05 00:13:50 | 000,000,098 | ---- | M] () -- D:\Windows\System32\drivers\etc\Hosts
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:14:12 | 000,632,708 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2010/12/30 02:14:12 | 000,110,342 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2010/12/16 03:22:18 | 000,292,912 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2010/12/10 21:18:30 | 000,000,000 | ---- | M] () -- D:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | M] () -- D:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/05 14:48:44 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | M] (Progressive Networks) -- D:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5032.dll
[2010/12/05 14:48:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msvcp71.dll
[2010/12/05 14:48:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msvcr71.dll
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- D:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- D:\Windows\SysWow64\QuickTime.qts
[2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) -- D:\Windows\System32\drivers\avgntflt.sys
[2010/11/18 09:37:27 | 000,002,560 | ---- | M] () -- D:\Windows\_MSRSTRT.EXE
[2010/11/12 18:53:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2010/11/12 18:53:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2010/11/12 18:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\deployJava1.dll
[2010/11/12 02:22:38 | 000,755,554 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/12/10 21:18:30 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | C] () -- D:\Windows\SysWow64\Improve Your PC.lnk
[2010/11/18 09:37:27 | 000,002,560 | ---- | C] () -- D:\Windows\_MSRSTRT.EXE
[2010/11/12 02:21:37 | 000,755,554 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/10 19:31:14 | 000,454,656 | ---- | C] () -- D:\Windows\SysWow64\dlcxutil.dll
[2010/02/10 19:31:14 | 000,274,432 | ---- | C] () -- D:\Windows\SysWow64\dlcxinst.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\dlcxinsb.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\dlcxins.dll
[2010/02/10 19:31:14 | 000,139,264 | ---- | C] () -- D:\Windows\SysWow64\dlcxjswr.dll
[2010/02/10 19:31:14 | 000,106,496 | ---- | C] () -- D:\Windows\SysWow64\dlcxinsr.dll
[2010/02/10 19:31:14 | 000,086,016 | ---- | C] () -- D:\Windows\SysWow64\dlcxcub.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\dlcxcu.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\DLCXcfg.dll
[2010/02/10 19:31:14 | 000,036,864 | ---- | C] () -- D:\Windows\SysWow64\dlcxcur.dll
[2010/02/07 23:10:28 | 000,000,025 | ---- | C] () -- D:\Windows\cdplayer.ini
[2010/02/06 01:30:01 | 000,085,504 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- D:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll
[2002/10/01 19:38:34 | 000,011,616 | R--- | C] () -- D:\Windows\SysWow64\drivers\SECDRV.SYS

========== LOP Check ==========

[2010/12/20 14:26:16 | 000,032,534 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> D:\Windows:nlsPreferences
< End of report >

makotochan

Rookie Surfer

Posts : 64
Joined : 2009-10-01
Operating System : Win7 pro 64bit, Win 7 Home on laptop


Re: translation toolbar installed dropper and trojans

Post by Belahzur on Tue 11 Jan 2011, 11:25 am

Bear in mind we may not be able to fix this if the HDD is bad, and you may need to buy a new one, or format if system files are damaged.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart that computer in normal mode.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: translation toolbar installed dropper and trojans

Post by makotochan on Tue 11 Jan 2011, 5:14 pm

Tried to get into Windows 7 Pro, then it crashed saying MBR corrupted. Figured I'm done with this. Inserted Win7 Pro disk and said install. Sorry, but thank you for all the help.


Re: translation toolbar installed dropper and trojans

Post by makotochan on Tue 25 Jan 2011, 7:31 am

Thank you for all the help. I did a full clean install and immediately put Avira on the system, then ran MBAM to make sure nothing was picked up in the span of time it took me to get the latest version downloaded, and everything is OK. Thank you for your help.

