translation toolbar installed dropper and trojans

View previous topic View next topic Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 30th December 2010, 4:56 am

Ran combofix 4 times same thing it opens when progress bar get to the end it crashes then reboots then it keeps rebooting for 3 0r 4 times then is stable and may or may not reboot immediately .

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 31st December 2010, 12:50 pm

Hello.

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 1st January 2011, 8:12 am

computer will not stop booting .... as soon as it gets to desktop it reboots.

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 2nd January 2011, 1:01 am

Hello.
Try this.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 4th January 2011, 6:16 am

here is the otlpe log:
OTL logfile created on: 1/4/2011 1:01:02 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 72.57 Gb Total Space | 9.49 Gb Free Space | 13.08% Space Free | Partition Type: NTFS
Drive D: | 79.81 Gb Total Space | 45.62 Gb Free Space | 57.16% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 481.56 Gb Free Space | 51.70% Space Free | Partition Type: NTFS
Drive F: | 76.89 Gb Total Space | 73.98 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive G: | 76.17 Gb Total Space | 71.57 Gb Free Space | 93.95% Space Free | Partition Type: NTFS
Drive M: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 08:58:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/02/24 18:46:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2010/12/10 18:57:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 15:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/01/12 07:15:52 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 08:22:36 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/11 05:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/28 11:40:58 | 002,018,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2009/09/26 01:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/23 18:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 19:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- C:\Windows\System32\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [1999/09/10 18:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Makotochan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 52 2C E3 9A CB 01 [binary data]
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\Makotochan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




[2010/12/30 02:44:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 00:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/10 21:18:00 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/21 00:45:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKU\Makotochan_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [JP595IR86O] C:\Windows\TEMP\Phv.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Makotochan_ON_C..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Makotochan_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Makotochan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - M:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44661786-132f-11df-b653-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell - "" = AutoRun
O33 - MountPoints2\{e6479beb-161c-11df-a064-0030672b8eac}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/31 01:25:05 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/24 03:41:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Makotochan\Desktop\OTL.com
[2010/12/22 00:19:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/19 00:39:56 | 000,000,000 | ---D | C] -- C:\Users\Makotochan\Desktop\GooredFix Backups
[2010/12/19 00:39:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Makotochan\Desktop\GooredFix.exe
[2010/12/15 03:36:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2010/12/15 03:35:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 03:35:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 03:35:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2010/12/15 03:35:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 03:35:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 03:35:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 03:35:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/15 03:35:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/15 03:35:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 03:35:54 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 03:35:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 03:35:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 03:35:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/15 03:35:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/15 03:35:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 03:35:30 | 002,447,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2010/12/15 03:35:30 | 002,063,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2010/12/15 03:35:29 | 001,026,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 03:35:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/12/15 03:35:26 | 001,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2010/12/15 03:35:25 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/12/15 03:35:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 03:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 03:35:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 03:35:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/12/15 03:35:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 03:35:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 03:35:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 03:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 03:35:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2010/12/15 03:35:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 03:35:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2010/12/15 03:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 03:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 03:35:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 03:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 03:35:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/12/15 03:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 03:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 03:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/13 11:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/10 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/05 14:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/12/05 14:48:44 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/02/10 19:31:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2010/02/10 19:31:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2010/02/10 19:31:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2010/02/10 19:31:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2010/02/10 19:31:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2010/02/10 19:31:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2010/02/10 19:31:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2010/02/10 19:31:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2010/02/10 19:31:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2010/02/10 19:31:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2010/02/10 19:31:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2010/02/09 17:13:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Makotochan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/01 03:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/01 03:52:21 | 334,995,455 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:14:12 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/30 02:14:12 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/30 00:56:57 | 000,001,146 | ---- | M] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/21 00:45:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 00:38:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Makotochan\Desktop\GooredFix.exe
[2010/12/18 01:28:32 | 003,993,691 | ---- | M] () -- C:\Users\Makotochan\Desktop\commy.exe
[2010/12/16 22:35:46 | 000,000,804 | ---- | M] () -- C:\Users\Makotochan\Desktop\cpuz.exe - Shortcut.lnk
[2010/12/16 22:12:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Makotochan\Desktop\OTL.com
[2010/12/16 03:22:18 | 000,292,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/10 21:18:30 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | M] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/07 19:10:59 | 000,001,032 | ---- | M] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/12/07 19:10:59 | 000,001,008 | ---- | M] () -- C:\Users\Makotochan\Desktop\DVDFab 8.lnk
[2010/12/07 18:56:50 | 000,000,507 | ---- | M] () -- C:\Users\Makotochan\Desktop\Major Hell (E) - Shortcut.lnk
[2010/12/05 14:48:44 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/12/05 14:48:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/12/05 14:48:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll

========== Files Created - No Company Name ==========

[2010/12/19 23:47:08 | 000,001,146 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/18 01:44:08 | 003,993,691 | ---- | C] () -- C:\Users\Makotochan\Desktop\commy.exe
[2010/12/16 22:35:46 | 000,000,804 | ---- | C] () -- C:\Users\Makotochan\Desktop\cpuz.exe - Shortcut.lnk
[2010/12/10 21:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | C] () -- C:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/07 18:56:50 | 000,000,507 | ---- | C] () -- C:\Users\Makotochan\Desktop\Major Hell (E) - Shortcut.lnk
[2010/11/12 21:26:16 | 000,000,098 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\fusioncache.dat
[2010/11/12 02:21:37 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 22:40:35 | 000,001,041 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\vso_ts_preview.xml
[2010/11/08 22:40:11 | 000,004,608 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 21:40:36 | 000,007,621 | ---- | C] () -- C:\Users\Makotochan\AppData\Local\resmon.resmoncfg
[2010/06/27 13:27:06 | 000,000,383 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\burnaware.ini
[2010/02/10 19:31:14 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2010/02/10 19:31:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2010/02/10 19:31:14 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2010/02/10 19:31:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2010/02/10 19:31:14 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/02/10 19:31:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2010/02/09 17:14:12 | 000,000,034 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.log
[2010/02/09 17:13:46 | 000,099,384 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\inst.exe
[2010/02/09 17:13:46 | 000,007,859 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.cat
[2010/02/09 17:13:46 | 000,001,167 | ---- | C] () -- C:\Users\Makotochan\AppData\Roaming\pcouffin.inf
[2010/02/07 23:10:28 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/06 01:30:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002/10/01 19:38:34 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== LOP Check ==========

[2010/11/18 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/18 01:36:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Downloaded Installations
[2010/06/17 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\DVDFab
[2010/02/06 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\ImgBurn
[2010/05/02 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Mobipocket
[2010/11/18 01:38:10 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Nitro PDF
[2010/05/02 22:48:03 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Nokia
[2010/02/15 00:00:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\OpenOffice.org
[2010/05/20 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\PC Suite
[2010/12/30 02:45:54 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\QuickScan
[2010/11/17 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Scan2PDF
[2010/11/18 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\ScanToPDF_4
[2010/11/06 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Thunderbird
[2010/12/29 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\uTorrent
[2010/12/07 19:11:00 | 000,000,000 | ---D | M] -- C:\Users\Makotochan\AppData\Roaming\Vso
[2010/12/20 14:26:16 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
< End of report >

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 4th January 2011, 10:16 pm

Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKU\.DEFAULT..\Run: [JP595IR86O] C:\Windows\TEMP\Phv.exe File not found

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 5th January 2011, 5:16 am

========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.43.0 log created on 01052011_001349

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 6th January 2011, 12:46 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 7th January 2011, 7:25 pm

tried to boot into win7pro and it only reboots when it gets to the desktop. I can't get into windows and I'm getting an error saying my S.M.A.R.T on my secondary slave is now bad backup and remove drive ... this is getting crazy is there any thing else I can DO ... or should I scrap this installation and do a clean install ?

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 8th January 2011, 11:03 pm

That choice is upto you, if you feel it's easier and quicker than this, then go for it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 9th January 2011, 10:13 pm

I would like to save this install. what is next ?

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 9th January 2011, 11:50 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 9th January 2011, 11:50 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 10th January 2011, 12:27 am

OTL logfile created on: 1/9/2011 7:19:35 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 481.52 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive D: | 72.57 Gb Total Space | 9.38 Gb Free Space | 12.92% Space Free | Partition Type: NTFS
Drive J: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 08:58:08 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto] -- D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/02/24 18:46:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FXSSVC.exe -- (Fax)
SRV:64bit: - [2006/10/11 17:36:58 | 000,561,152 | ---- | M] ( ) [Auto] -- D:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2010/12/10 18:57:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto] -- D:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 15:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto] -- D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/01/12 07:15:52 | 000,071,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- D:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 09:23:32 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 08:22:36 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/11 05:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/28 11:40:58 | 002,018,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2009/09/26 01:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/23 18:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- D:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 19:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- D:\Windows\System32\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/05 03:33:22 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System] -- D:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [1999/09/10 18:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto] -- D:\Windows\SysWow64\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Makotochan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 52 2C E3 9A CB 01 [binary data]
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\Makotochan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




[2010/12/30 02:44:49 | 000,000,000 | ---D | M] -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:20:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 00:19:21 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/10 21:18:00 | 000,001,919 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/01/05 00:13:50 | 000,000,098 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKU\Makotochan_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLCXCATS] D:\Windows\System32\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] D:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [MemoryCardManager] D:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] D:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe File not found
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [JP595IR86O] D:\Windows\TEMP\Phv.exe File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Makotochan_ON_D..\Run: [PC Suite Tray] D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Makotochan_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Makotochan_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - D:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (pku2u) - D:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - D:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/01/04 23:55:40 | 000,553,984 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2011/01/04 23:55:36 | 000,000,000 | ---D | C] -- D:\_OTL
[2010/12/31 01:25:05 | 000,000,000 | R--D | C] -- D:\32788R22FWJFW
[2010/12/22 00:19:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2010/12/22 00:19:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2010/12/15 03:36:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tzres.dll
[2010/12/15 03:35:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskschd.dll
[2010/12/15 03:35:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wmicmiplugin.dll
[2010/12/15 03:35:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskeng.exe
[2010/12/15 03:35:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\taskschd.dll
[2010/12/15 03:35:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\taskcomp.dll
[2010/12/15 03:35:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\taskcomp.dll
[2010/12/15 03:35:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\schtasks.exe
[2010/12/15 03:35:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\schtasks.exe
[2010/12/15 03:35:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2010/12/15 03:35:54 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\atmfd.dll
[2010/12/15 03:35:54 | 000,046,080 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2010/12/15 03:35:54 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\SysWow64\atmlib.dll
[2010/12/15 03:35:49 | 000,395,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\webio.dll
[2010/12/15 03:35:49 | 000,314,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\webio.dll
[2010/12/15 03:35:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2010/12/15 03:35:30 | 002,447,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iertutil.dll
[2010/12/15 03:35:30 | 002,063,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iertutil.dll
[2010/12/15 03:35:29 | 001,026,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstime.dll
[2010/12/15 03:35:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstime.dll
[2010/12/15 03:35:26 | 001,194,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wininet.dll
[2010/12/15 03:35:25 | 000,978,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wininet.dll
[2010/12/15 03:35:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2010/12/15 03:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2010/12/15 03:35:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll
[2010/12/15 03:35:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iedkcs32.dll
[2010/12/15 03:35:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2010/12/15 03:35:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2010/12/15 03:35:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2010/12/15 03:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2010/12/15 03:35:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2010/12/15 03:35:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2010/12/15 03:35:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtml.tlb
[2010/12/15 03:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2010/12/15 03:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2010/12/15 03:35:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedsbs.dll
[2010/12/15 03:35:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2010/12/15 03:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2010/12/15 03:35:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jsproxy.dll
[2010/12/15 03:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2010/12/15 03:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 03:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2010/12/13 11:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/10 19:08:14 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\QuickTime
[2010/12/05 14:48:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\xing shared
[2010/12/05 14:48:44 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | C] (Progressive Networks) -- D:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5032.dll
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- D:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- D:\Windows\SysWow64\QuickTime.qts
[2010/11/26 12:40:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- D:\Windows\System32\GEARAspi64.dll
[2010/11/26 12:40:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- D:\Windows\SysWow64\GEARAspi.dll
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2010/11/26 12:40:01 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2010/11/26 12:38:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Apple Software Update
[2010/11/26 12:37:24 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/11/26 12:37:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Bonjour
[2010/11/18 01:37:47 | 000,028,992 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon.dll
[2010/11/18 01:37:47 | 000,017,216 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui.dll
[2010/11/18 00:55:06 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\O Imaging Corporation
[2010/11/18 00:28:02 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\acaptuser32.dll
[2010/11/17 21:47:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SimpleOCR
[2010/11/17 21:16:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Acro Software
[2010/11/13 21:13:51 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Google
[2010/11/12 02:21:05 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\URTTEMP
[2010/11/11 22:40:09 | 000,626,688 | ---- | C] (On2.com) -- D:\Windows\SysWow64\vp7vfw.dll
[2010/11/11 22:40:09 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv43260.dll
[2010/11/11 22:40:09 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv33260.dll
[2010/11/11 22:40:09 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\drv23260.dll
[2010/11/11 22:40:09 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\sipr3260.dll
[2010/11/11 22:40:09 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- D:\Windows\SysWow64\cook3260.dll
[2010/11/11 22:40:08 | 001,184,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wvc1dmod.dll
[2010/11/11 22:40:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\VSO
[2010/11/11 20:58:41 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Pando Networks
[2010/02/10 19:31:14 | 001,224,704 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxserv.dll
[2010/02/10 19:31:14 | 000,991,232 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxusb1.dll
[2010/02/10 19:31:14 | 000,696,320 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxhbn3.dll
[2010/02/10 19:31:14 | 000,684,032 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxcomc.dll
[2010/02/10 19:31:14 | 000,643,072 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxpmui.dll
[2010/02/10 19:31:14 | 000,585,728 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxlmpm.dll
[2010/02/10 19:31:14 | 000,421,888 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxcomm.dll
[2010/02/10 19:31:14 | 000,413,696 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxinpa.dll
[2010/02/10 19:31:14 | 000,397,312 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxiesc.dll
[2010/02/10 19:31:14 | 000,163,840 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxprox.dll
[2010/02/10 19:31:14 | 000,094,208 | ---- | C] ( ) -- D:\Windows\SysWow64\dlcxpplc.dll

========== Files - Modified Within 60 Days ==========

[2011/01/09 17:04:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/01/09 17:04:26 | 334,995,455 | -HS- | M] () -- D:\hiberfil.sys
[2011/01/05 00:13:50 | 000,000,098 | ---- | M] () -- D:\Windows\System32\drivers\etc\Hosts
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:18:33 | 000,014,864 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 02:14:12 | 000,632,708 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2010/12/30 02:14:12 | 000,110,342 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2010/12/16 03:22:18 | 000,292,912 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2010/12/10 21:18:30 | 000,000,000 | ---- | M] () -- D:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | M] () -- D:\Windows\SysWow64\Improve Your PC.lnk
[2010/12/05 14:48:44 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\rmoc3260.dll
[2010/12/05 14:48:39 | 000,272,896 | ---- | M] (Progressive Networks) -- D:\Windows\SysWow64\pncrt.dll
[2010/12/05 14:48:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5016.dll
[2010/12/05 14:48:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- D:\Windows\SysWow64\pndx5032.dll
[2010/12/05 14:48:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msvcp71.dll
[2010/12/05 14:48:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msvcr71.dll
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- D:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- D:\Windows\SysWow64\QuickTime.qts
[2010/11/22 09:42:32 | 000,083,120 | ---- | M] (Avira GmbH) -- D:\Windows\System32\drivers\avgntflt.sys
[2010/11/18 09:37:27 | 000,002,560 | ---- | M] () -- D:\Windows\_MSRSTRT.EXE
[2010/11/12 18:53:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2010/11/12 18:53:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2010/11/12 18:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\deployJava1.dll
[2010/11/12 02:22:38 | 000,755,554 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/12/10 21:18:30 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/12/10 21:17:43 | 000,001,112 | ---- | C] () -- D:\Windows\SysWow64\Improve Your PC.lnk
[2010/11/18 09:37:27 | 000,002,560 | ---- | C] () -- D:\Windows\_MSRSTRT.EXE
[2010/11/12 02:21:37 | 000,755,554 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/10 19:31:14 | 000,454,656 | ---- | C] () -- D:\Windows\SysWow64\dlcxutil.dll
[2010/02/10 19:31:14 | 000,274,432 | ---- | C] () -- D:\Windows\SysWow64\dlcxinst.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\dlcxinsb.dll
[2010/02/10 19:31:14 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\dlcxins.dll
[2010/02/10 19:31:14 | 000,139,264 | ---- | C] () -- D:\Windows\SysWow64\dlcxjswr.dll
[2010/02/10 19:31:14 | 000,106,496 | ---- | C] () -- D:\Windows\SysWow64\dlcxinsr.dll
[2010/02/10 19:31:14 | 000,086,016 | ---- | C] () -- D:\Windows\SysWow64\dlcxcub.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\dlcxcu.dll
[2010/02/10 19:31:14 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\DLCXcfg.dll
[2010/02/10 19:31:14 | 000,036,864 | ---- | C] () -- D:\Windows\SysWow64\dlcxcur.dll
[2010/02/07 23:10:28 | 000,000,025 | ---- | C] () -- D:\Windows\cdplayer.ini
[2010/02/06 01:30:01 | 000,085,504 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- D:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll
[2002/10/01 19:38:34 | 000,011,616 | R--- | C] () -- D:\Windows\SysWow64\drivers\SECDRV.SYS

========== LOP Check ==========

[2010/12/20 14:26:16 | 000,032,534 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> D:\Windows:nlsPreferences
< End of report >

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by Belahzur on 11th January 2011, 12:25 am

Bear in mind we may not be able to fix this if the HDD is bad, and you may need to buy a new one, or format if system files are damaged.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 11th January 2011, 6:14 am

tried to get into windows 7 pro then it crashed saying MBR corrupted.. figured I'm done with this.. inserted Win7 pro disk and said install .sorry but thank you for all the help.

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

Re: translation toolbar installed dropper and trojans

Post by makotochan on 24th January 2011, 8:31 pm

thank you for all the help . I did a full clean install and immediately put avira on the system then ran MBAM to make sure nothing was picked up in the span of time it took me to get the latest version downloaded and everything is ok. thank you for your help .

makotochan
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-09-30
Gender Gender : Female
OS OS : Win7 pro 64bit, Win 7 Home on laptop
Protection Protection : Avira Security Suite
Points Points : 26856
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum