Potential malware

View previous topic View next topic Go down

Potential malware

Post by daniellouwrens on Tue Aug 02, 2011 3:43 am

Hi

I am running Windows 7 x64.
a couple of weeks ago I noticed that I could not open Outlook 2007, I got a message that Outlook needed Windows Internet Explorer 4.0 or greater, and I have IE9, I did a lot of looking on the internet but did not find a fix.

One thing I noticed was that the Help/About dialogue did not show any version number, I think this may be the cause of the problem so I tried to uninstal IE9 in order to reinstal it but the uninstal went wrong, and I was left without a browser and Windows Update to download and install IE9 failed as did a stand alone IE9 install downloaded file, this has all happened several times now as I try to solve this problem, I run System Restore to recover but nothing seems to work.

I am thinking that I have some malware or a problem caused by Malware uninstal.

Here is my OTL.txt content

OTL logfile created on: 2/08/2011 11:56:21 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = F:\Downloads\Outlook fix\GeekPolice
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 73.73% Memory free
8.00 Gb Paging File | 6.92 Gb Available in Paging File | 86.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.13 Gb Total Space | 314.45 Gb Free Space | 54.11% Space Free | Partition Type: NTFS
Drive D: | 931.61 Gb Total Space | 756.41 Gb Free Space | 81.19% Space Free | Partition Type: NTFS
Drive E: | 15.02 Gb Total Space | 2.96 Gb Free Space | 19.72% Space Free | Partition Type: FAT32
Drive F: | 931.51 Gb Total Space | 586.30 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive H: | 465.57 Gb Total Space | 237.39 Gb Free Space | 50.99% Space Free | Partition Type: NTFS
Drive I: | 465.83 Gb Total Space | 121.36 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
Drive J: | 3.77 Gb Total Space | 3.37 Gb Free Space | 89.40% Space Free | Partition Type: FAT32

Computer Name: GAMING | User Name: Gaming | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 07:31:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\Downloads\Outlook fix\GeekPolice\OTL.com
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/10/17 05:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/12/20 04:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 07:31:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\Downloads\Outlook fix\GeekPolice\OTL.com
MOD - [2010/11/20 02:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/25 16:45:38 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/16 22:36:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/17 05:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/25 16:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/19 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 19:36:28 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files (x86)\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/25 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/20 04:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2011/01/03 18:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 18:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/01/03 18:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/01/03 18:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/12/21 15:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 04:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 04:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 02:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 02:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/08 06:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/09 12:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/25 16:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 16:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 22:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/19 07:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 08:10:10 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV:64bit: - [2009/02/19 08:10:06 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2010/05/25 16:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/25 16:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SiSoftware\SiSoftware Sandra Lite 2011a\WNt500x64\sandra.sys -- (SANDRA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 44 6F D0 45 3F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.7.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Gaming\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/04/27 07:25:25 | 000,000,000 | ---D | M]

[2011/07/30 03:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaming\AppData\Roaming\Mozilla\Extensions
[2010/11/17 00:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaming\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/08/02 04:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\4vxrdx0m.default\extensions
[2011/07/30 03:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\b51prgye.default\extensions
[2011/08/02 04:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/01 07:55:42 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 05:55:59 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O32 - AutoRun File - [2010/09/29 05:55:59 | 000,000,000 | ---D | M] - D:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\J:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start OpdiTracker.lnk - C:\Program Files (x86)\Opdicom\OpdiTracker\OptT3STA.exe - (Opdicom Pty. Ltd.)
MsConfig:64bit - StartUpFolder: C:^Users^Gaming^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Gaming\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: Corel File Shell Monitor - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig:64bit - StartUpReg: DownloadAccelerator - hkey= - key= - C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Gaming\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Nikon Transfer Monitor - hkey= - key= - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Standby - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


daniellouwrens
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-26
OS OS : Vista Ultimate 64
Points Points : 29187
# Likes # Likes : 0

View user profile

Back to top Go down

Potential malware

Post by daniellouwrens on Tue Aug 02, 2011 3:44 am

Post continues

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0C652D45-377A-31F8-45F9-8D958D27409A} - Microsoft Windows Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A34B94CA-7F78-52E7-E5C4-8C1E23F67131} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{A95FEFA2-0C39-4405-AA44-4F134D6FE375}
[2011/08/01 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\FixItCenter
[2011/08/01 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/08/01 17:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{772F309A-12D8-4C1A-943A-60325DD70FB9}
[2011/08/01 09:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Registry Repair
[2011/08/01 04:27:04 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{BB04AD5E-9F53-4CAA-95FF-E66DC4B75E94}
[2011/08/01 04:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/08/01 04:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/07/31 15:16:34 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{75AE27A2-AFAE-4C66-95EA-EDAC5FA26AF9}
[2011/07/31 03:52:41 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{1202934E-FE09-4495-AA9F-35C455D76C26}
[2011/07/30 10:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
[2011/07/30 10:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseFixer
[2011/07/30 09:06:41 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{93C11CE2-9262-4D32-9ABB-90A1A1896D35}
[2011/07/30 03:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/30 03:45:48 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{10231C18-112C-444B-BA45-8CD7E9AB697C}
[2011/07/29 11:03:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/29 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\GlarySoft
[2011/07/29 10:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2011/07/29 07:49:47 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/07/29 04:38:34 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{F2C14738-392D-4760-8184-E5780FF795AD}
[2011/07/28 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{7139E94B-20D3-4382-AA69-DECD6868EAB0}
[2011/07/28 04:28:35 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{7D64D03D-BD54-42AD-A670-48995AD390CB}
[2011/07/28 04:28:09 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{313D2F47-5AE8-4D94-877A-980B6CD3F9A1}
[2011/07/27 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{4DC80AB9-37AE-46F5-B9AB-E9FA8AC3D422}
[2011/07/27 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\Gaming\Documents\Scanned Documents
[2011/07/27 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\Gaming\Documents\Fax
[2011/07/27 04:49:11 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\trns45
[2011/07/27 04:26:52 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{EC9DCC3E-FED0-467F-8395-FA76673B3215}
[2011/07/26 16:00:02 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{49F2D2C7-1E3C-4D22-9593-CA89450D644F}
[2011/07/26 03:19:07 | 000,000,000 | ---D | C] -- C:\Users\Gaming\Desktop\Security Scan results
[2011/07/25 16:55:39 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{31072F4B-01D4-437C-99E7-2E2127649143}
[2011/07/25 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CheckPrixa Image To PDF Converter
[2011/07/25 16:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPrixaImageToPDF
[2011/07/25 03:52:10 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{FB20097B-BC76-4561-8678-3B9322571FDA}
[2011/07/24 11:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/24 07:19:06 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{BD585E5C-660B-4008-B3EE-B35F960DBB43}
[2011/07/23 16:30:14 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{1345453E-C09B-4F84-B14C-D2F254A5C533}
[2011/07/23 04:45:45 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
[2011/07/23 04:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2011/07/23 04:37:18 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
[2011/07/23 04:37:17 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\KoshyJohn.com
[2011/07/23 04:29:37 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{FB206897-CE14-4082-8E4D-D3A52BC95FD6}
[2011/07/20 08:00:04 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{66307422-A7EE-4343-BAA7-EA4151D008E5}
[2011/07/19 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{F3C290F6-65A4-4EC1-B679-DC34E4D9F492}
[2011/07/19 06:51:16 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{EC43B990-81CB-4F9A-B4EC-652AAF76DE9B}
[2011/07/18 11:03:39 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{3C2CD550-CB05-4C1D-A8CC-9DA335B64CCA}
[2011/07/17 20:31:15 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/17 20:31:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/17 20:31:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/17 20:31:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/17 20:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/17 20:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/17 20:31:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/17 20:31:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/17 20:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/17 20:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/17 20:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/17 20:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/17 20:31:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/17 20:31:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/17 20:31:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/17 20:31:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/17 20:31:08 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/07/17 20:31:07 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/07/17 20:30:47 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/17 20:30:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/17 20:30:47 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/17 20:30:47 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/17 20:30:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/17 20:30:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/17 20:30:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/17 20:30:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/17 20:30:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/17 20:30:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/17 20:30:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/17 20:30:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/17 16:20:37 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{7D0BB4D7-4B02-4B80-8EBE-9C74571B914D}
[2011/07/17 04:19:58 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{6790DFA3-E205-499D-9FFA-EBE6695901D4}
[2011/07/16 09:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAILLICOURT
[2011/07/16 09:15:06 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HAILLICOURT
[2011/07/16 08:24:54 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{11352152-9751-482F-A4F5-20AF8DB40F59}
[2011/07/15 17:57:49 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{1C5C9B01-4CA9-468D-B54D-70DBE3D99591}
[2011/07/15 05:57:22 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{EEC2979C-FF10-4973-92CC-A4E6AC72E1FB}
[2011/07/14 17:42:37 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{ABB35E52-C87C-4FA9-B6CB-D7631BA54D8A}
[2011/07/14 05:42:14 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{827AC8CE-72A5-4FB8-A09D-E4DC4646F6B1}
[2011/07/13 17:41:37 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{994B7A92-3CD9-4A40-8C8E-1E6BF2BCD2F4}
[2011/07/13 06:54:35 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Roaming\Help
[2011/07/13 06:54:35 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\Help
[2011/07/13 06:52:38 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2011/07/13 06:52:38 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2011/07/13 06:52:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2011/07/13 06:52:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2011/07/13 06:52:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2011/07/13 06:52:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2011/07/13 06:49:12 | 000,000,000 | -H-D | C] -- C:\Users\Gaming\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/13 05:41:01 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{35F26615-FBA5-46B9-AC31-9229E5B2A9E3}
[2011/07/12 17:07:38 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{A7F20810-2B04-4B4B-BB61-BE4E4A58CC26}
[2011/07/12 05:07:03 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{DA5A9EDA-48AE-40F4-9AB1-E0ABA8341CF5}
[2011/07/11 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{54C1FEFB-A9D6-4985-AE9F-FEA06E93FB00}
[2011/07/11 10:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/07/11 10:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2011/07/11 10:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/07/11 07:10:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Plugins
[2011/07/11 04:57:40 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{41E9E5D2-04B1-4AED-A26F-07AA247F2178}
[2011/07/09 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{524FEB3E-CB36-4DD7-974A-058848594A2B}
[2011/07/09 05:37:00 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{58992FCC-6EDB-4143-8305-3F35BA473EB8}
[2011/07/08 16:56:26 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{9F2665A2-59F2-41D1-8011-62BD88A7873D}
[2011/07/08 04:55:59 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{7A05D6D1-16D1-482A-9CDB-0393E36BDF10}
[2011/07/07 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{4237E867-C5FD-4A2B-A898-75E6A13AED35}
[2011/07/07 04:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSTSBin Screens & Widgets
[2011/07/07 04:49:18 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{DD4D76EB-3EE3-4035-B149-A9F8556F50B7}
[2011/07/06 16:16:19 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{570CC622-7555-4A91-A877-C4FA39E29D8B}
[2011/07/06 04:15:44 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{3716FA96-D1D7-4BA2-A820-A36ACD0B9DB8}
[2011/07/05 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{1E4E968C-16FE-4D46-98BE-16EE9A5BB8A3}
[2011/07/04 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{4748CC24-E506-4414-91CC-6C6218CAAD0C}
[2011/07/04 15:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/07/04 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/07/04 06:54:46 | 000,000,000 | ---D | C] -- C:\Users\Gaming\AppData\Local\{96FED7EC-6046-47D5-9325-55FA348D7F01}
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 12:00:26 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 12:00:26 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 11:55:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/02 11:53:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 11:53:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 11:53:00 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 07:31:53 | 000,001,485 | ---- | M] () -- C:\Users\Gaming\Desktop\My DAP Downloads.lnk
[2011/08/01 09:24:05 | 000,000,145 | ---- | M] () -- C:\Users\Gaming\Desktop\Glary Utilities Freeware.url
[2011/08/01 09:24:04 | 000,001,055 | ---- | M] () -- C:\Users\Gaming\Desktop\Glary Registry Repair.lnk
[2011/07/30 17:10:33 | 000,000,000 | ---- | M] () -- C:\Users\Gaming\AppData\Roaming\FileOut.cns
[2011/07/30 17:10:33 | 000,000,000 | ---- | M] () -- C:\Users\Gaming\AppData\Roaming\FileIn.cns
[2011/07/27 13:47:42 | 000,648,143 | ---- | M] () -- C:\Users\Gaming\Desktop\XCLN Error Message This Feature Requires Internet Explorer 4_01 or Greater When Internet Explorer 5 Is Installed.mht
[2011/07/24 14:29:08 | 000,733,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/24 14:29:08 | 000,630,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/24 14:29:08 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/24 14:06:26 | 000,010,016 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/24 11:43:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/24 11:43:30 | 000,749,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/24 07:36:57 | 000,001,709 | ---- | M] () -- C:\Users\Gaming\Desktop\WNetWatcher.exe - Shortcut.lnk
[2011/07/23 12:03:18 | 000,000,193 | ---- | M] () -- C:\Windows\wordpad.INI
[2011/07/23 04:37:28 | 000,001,990 | ---- | M] () -- C:\Users\Gaming\Desktop\DiskMax.lnk
[2011/07/18 07:28:29 | 000,442,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 06:01:58 | 000,001,479 | ---- | M] () -- C:\Users\Gaming\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/10 03:48:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/04 15:08:17 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 09:24:04 | 000,001,055 | ---- | C] () -- C:\Users\Gaming\Desktop\Glary Registry Repair.lnk
[2011/08/01 04:23:18 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/29 10:53:24 | 000,000,145 | ---- | C] () -- C:\Users\Gaming\Desktop\Glary Utilities Freeware.url
[2011/07/27 13:47:41 | 000,648,143 | ---- | C] () -- C:\Users\Gaming\Desktop\XCLN Error Message This Feature Requires Internet Explorer 4_01 or Greater When Internet Explorer 5 Is Installed.mht
[2011/07/24 07:36:57 | 000,001,709 | ---- | C] () -- C:\Users\Gaming\Desktop\WNetWatcher.exe - Shortcut.lnk
[2011/07/23 04:37:28 | 000,001,990 | ---- | C] () -- C:\Users\Gaming\Desktop\DiskMax.lnk
[2011/07/11 06:01:58 | 000,001,479 | ---- | C] () -- C:\Users\Gaming\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/10 08:58:18 | 000,002,171 | ---- | C] () -- C:\Users\Gaming\Desktop\Train Simulator.lnk
[2011/07/04 15:08:17 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/06/01 08:50:34 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2011/05/29 17:42:19 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/05/29 17:35:30 | 000,000,008 | RHS- | C] () -- C:\ProgramData\A9B7283A0F.sys
[2011/04/27 07:25:14 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/04/19 05:48:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents
[2011/04/19 05:48:02 | 000,000,268 | RH-- | C] () -- C:\Users\Gaming\AppData\Roaming\Compressor
[2011/04/19 05:48:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures
[2011/04/19 05:45:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011/04/19 05:45:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2011/04/15 19:18:10 | 000,000,219 | ---- | C] () -- C:\Windows\iepreview.ini
[2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/02/18 08:50:08 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011/02/18 08:19:37 | 000,000,193 | ---- | C] () -- C:\Windows\wordpad.INI
[2011/01/11 04:41:18 | 000,000,255 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/21 04:35:07 | 000,749,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/21 04:15:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Cocoa
[2010/12/20 15:56:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/20 15:55:01 | 000,000,268 | RH-- | C] () -- C:\Users\Gaming\AppData\Roaming\Common
[2010/12/20 15:55:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/08 09:37:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/24 05:56:24 | 010,932,224 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/11/22 00:15:36 | 000,000,272 | ---- | C] () -- C:\Windows\photoprn.ini
[2010/11/19 02:30:59 | 000,000,035 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/11/17 21:36:28 | 000,010,016 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/17 21:36:28 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8998E3B24A.sys
[2010/11/17 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\Gaming\AppData\Roaming\FileOut.cns
[2010/11/17 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\Gaming\AppData\Roaming\FileIn.cns
[2010/09/26 18:51:44 | 004,054,056 | ---- | C] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll
[2009/10/06 17:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/11/07 09:01:19 | 000,121,562 | ---- | C] () -- C:\Windows\SysWow64\PicFormat32.dll
[2003/07/13 13:40:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\SAWZipNG.dll
[2002/03/13 15:46:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >
[2010/11/16 12:49:24 | 000,148,195 | ---- | M] () -- C:\Program Files (x86)\Common Files\BookViewer.xap

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/11/24 00:59:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acro Software
[2011/06/27 16:03:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/11/18 00:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/07/26 04:26:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Application Updater
[2010/12/21 04:04:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2011/05/21 05:18:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010/11/20 01:45:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/11/27 09:08:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Awesome Duplicate Photo Finder
[2010/12/08 04:31:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belarc
[2010/11/18 00:11:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/03/30 15:51:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CD Recovery Toolbox Free
[2011/07/25 16:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CheckPrixaImageToPDF
[2011/07/31 12:31:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/07/23 12:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ConBuilder
[2011/05/31 07:21:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2011/04/28 05:14:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAP
[2010/12/21 04:34:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EngineDriver Xmas Card
[2010/12/04 04:15:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
[2011/03/30 09:06:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FineRecovery
[2011/08/02 05:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Glary Registry Repair
[2011/08/02 05:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/11/24 00:59:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GPLGS
[2011/04/16 08:35:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HD Tune
[2011/05/31 07:16:09 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/08/02 05:04:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/04/15 19:16:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer Platform Preview
[2011/06/27 16:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit
[2011/07/11 10:49:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit Toolbar
[2010/11/18 00:13:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/11/27 07:27:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IZArc
[2010/12/20 06:29:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\J A Formoso
[2010/11/18 01:07:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/04/20 07:14:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Join ME
[2011/01/10 08:30:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\KC Softwares
[2011/04/17 09:29:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ken Salter
[2010/11/20 01:46:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2011/04/16 10:03:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavalys
[2011/05/31 07:16:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LooksBuilder
[2011/04/14 15:56:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/25 05:05:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2010/11/20 11:17:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MGI
[2010/11/19 20:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Expression
[2011/04/15 10:17:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2011/07/31 12:28:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/07/24 11:43:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/30 07:03:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/07/31 12:31:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/07/31 12:31:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/11/21 00:56:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2011/07/31 12:31:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/08/02 05:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/12/18 07:13:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/11/24 00:54:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/04/19 15:12:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec
[2010/11/20 11:30:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2010/11/20 11:30:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Swift Sound
[2010/11/18 00:51:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011/02/18 08:48:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetObjects
[2011/04/19 05:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nikon
[2011/07/23 04:45:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NirSoft
[2010/11/17 23:22:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/11/16 23:07:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opdicom
[2011/04/19 14:49:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/01/06 12:39:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDFTK Builder
[2010/11/27 04:51:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PeaZip
[2010/12/04 06:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pixmantec
[2011/06/09 07:07:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qimage-U
[2011/04/13 19:11:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickMediaConverter
[2010/11/18 00:12:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/06/26 10:06:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rail Simulator
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/12/04 05:00:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Remove Empty Directories
[2010/11/21 00:40:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Route_Riter
[2011/08/02 05:04:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RW_Tools
[2011/04/19 14:44:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2011/06/11 10:25:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sayz Me
[2010/11/21 01:46:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shape Viewer
[2010/11/24 05:56:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SiSoftware
[2010/12/08 09:36:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/01/07 05:55:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/07/23 05:26:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010/11/17 23:17:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/11/17 00:21:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TomTom HOME 2
[2010/11/17 00:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TomTom International B.V
[2011/04/26 09:09:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TweakNow PowerPack 2011
[2009/07/14 14:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/04/24 09:32:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Unknown Device Identifier
[2010/12/18 08:25:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2009/07/14 15:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/04/15 07:06:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/02/23 12:57:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/05/31 07:01:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Components
[2011/02/23 12:57:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/02/23 12:57:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/02/23 12:57:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/08/02 05:04:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/11/18 23:23:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Virtual PC
[2011/07/04 15:08:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZip
[2011/07/31 12:30:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WiseFixer
[2011/07/01 14:30:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZipCentral


< MD5 for: AGP440.SYS >
[2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 11:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 11:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 11:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 16:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 16:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 16:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 16:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/16 03:53:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/16 03:53:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/16 03:53:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/03/16 03:53:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/03/16 03:53:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/16 03:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/16 03:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/16 03:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/03/16 03:53:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/03/16 03:53:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >

No Extras.txt was saved, I ran OTL three times with the same result, no Extras.Txt

Here is my aswMBR.txt content

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-02 12:18:56
-----------------------------
12:18:56.345 OS Version: Windows x64 6.1.7601 Service Pack 1
12:18:56.345 Number of processors: 4 586 0x170A
12:18:56.345 ComputerName: GAMING UserName: Gaming
12:18:58.467 Initialize success
12:19:15.837 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:15.837 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
12:19:15.837 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
12:19:15.837 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 11
12:19:15.853 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
12:19:15.853 Disk 2 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 11
12:19:17.865 Disk 0 MBR read successfully
12:19:17.865 Disk 0 MBR scan
12:19:17.865 Disk 0 Windows 7 default MBR code
12:19:17.865 Service scanning
12:19:18.473 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:19:19.082 Modules scanning
12:19:19.082 Disk 0 trace - called modules:
12:19:19.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:19:19.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d73060]
12:19:19.097 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004af1520]
12:19:19.097 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ae31f0]
12:19:19.113 Scan finished successfully
12:19:32.435 Disk 0 MBR has been saved successfully to "C:\Users\Gaming\Desktop\MBR.dat"
12:19:32.498 The log file has been saved successfully to "C:\Users\Gaming\Desktop\aswMBR.txt"

Here is my Security Check log

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

Hope you can help.

Thanks

Daniel

daniellouwrens
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-26
OS OS : Vista Ultimate 64
Points Points : 29187
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by Sneakyone on Tue Aug 02, 2011 3:50 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by daniellouwrens on Tue Aug 02, 2011 6:06 am



Hi

here is the combofix log

ComboFix 11-08-01.05 - Gaming 02/08/2011 14:35:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2697 [GMT 10:00]
Running from: c:\users\Gaming\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\system32
c:\programdata\KGyGaAvL.sys
c:\programdata\xml5649.tmp
c:\programdata\xml5DD9.tmp
c:\programdata\xml60F5.tmp
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 04:53 . 2011-08-02 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 19:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7AF49A7-4015-4B26-91B0-7D36DE656F1D}\mpengine.dll
2011-08-01 07:23 . 2011-08-01 07:23 -------- d-----w- c:\users\Gaming\AppData\Local\FixItCenter
2011-08-01 07:14 . 2011-08-01 19:04 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-07-31 18:23 . 2011-07-31 18:23 -------- d-----w- c:\programdata\Google Updater
2011-07-30 00:25 . 2011-07-31 02:30 -------- d-----w- c:\program files (x86)\WiseFixer
2011-07-29 00:53 . 2011-08-01 19:04 -------- d-----w- c:\users\Gaming\AppData\Roaming\GlarySoft
2011-07-29 00:53 . 2011-08-01 19:04 -------- d-----w- c:\program files (x86)\Glary Registry Repair
2011-07-28 21:49 . 2011-08-01 19:02 -------- d-----w- c:\windows\Standalone System Sweeper
2011-07-25 06:51 . 2011-07-25 06:51 -------- d-----w- c:\program files (x86)\CheckPrixaImageToPDF
2011-07-24 01:43 . 2011-07-24 01:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-24 01:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-22 18:45 . 2011-07-22 18:45 -------- d-----w- c:\program files (x86)\NirSoft
2011-07-22 18:37 . 2011-07-22 18:37 -------- d-----w- c:\users\Gaming\AppData\Roaming\KoshyJohn.com
2011-07-17 10:30 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-17 10:30 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-17 10:30 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-17 10:30 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-17 10:30 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-17 10:30 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-17 10:30 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-17 10:30 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-17 10:30 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-17 10:30 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 20:54 . 2011-07-12 20:54 -------- d-----w- c:\users\Gaming\AppData\Local\Help
2011-07-12 20:52 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2011-07-12 20:52 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
2011-07-12 20:52 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2011-07-12 20:52 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
2011-07-12 20:52 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2011-07-12 20:52 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll
2011-07-12 20:52 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2011-07-11 00:49 . 2011-07-25 18:26 -------- d-----w- c:\program files (x86)\Application Updater
2011-07-11 00:49 . 2011-07-11 00:49 -------- d-----w- c:\program files (x86)\IObit Toolbar
2011-07-11 00:49 . 2011-07-11 00:49 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-07-10 21:10 . 2011-07-11 18:53 -------- d-----w- c:\windows\SysWow64\Plugins
2011-07-06 18:55 . 2011-07-08 06:05 674138 ----a-w- c:\program files (x86)\Microsoft Games\Train Simulator\unins000.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 04:53 . 2010-11-17 00:46 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-09 17:48 . 2011-05-17 10:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-17 10:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 05:56 . 2011-07-17 10:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-03 03:53 . 2011-07-17 10:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-05-29 07:35 . 2011-05-29 07:35 8 --sh--r- c:\programdata\A9B7283A0F.sys
2011-05-24 11:42 . 2011-06-29 20:30 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 20:30 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:40 . 2011-06-29 20:30 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:39 . 2011-06-29 20:30 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 20:30 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 20:30 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 20:30 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 20:30 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 20:30 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 20:30 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 20:30 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 20:30 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 20:30 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 20:30 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 02:12 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-16 39408]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-04-26 2918576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-02 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-02 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files (x86)\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe [2009-08-10 93848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-25 119632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-16 18:23]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 12:25]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 12:25]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983010265-1709842228-3073592065-1001Core.job
- c:\users\Gaming\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 19:55]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983010265-1709842228-3073592065-1001UA.job
- c:\users\Gaming\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 19:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2010-07-28 04:05 397312 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gaming\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2011-08-02 15:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 05:04
.
Pre-Run: 337,698,201,600 bytes free
Post-Run: 337,712,234,496 bytes free
.
- - End Of File - - 631F569773A8215ABCB6F571F93323BB

daniellouwrens
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-26
OS OS : Vista Ultimate 64
Points Points : 29187
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by Sneakyone on Wed Aug 03, 2011 4:40 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by daniellouwrens on Wed Aug 03, 2011 6:25 am

Hi

here is my MBAM scan

cheers

Daniel

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7362

Windows 6.1.7601 Service Pack 1
Internet Explorer Unknown

3/08/2011 4:10:06 PM
mbam-log-2011-08-03 (16-10-06).txt

Scan type: Quick scan
Objects scanned: 180166
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

daniellouwrens
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-26
OS OS : Vista Ultimate 64
Points Points : 29187
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by daniellouwrens on Thu Aug 04, 2011 1:08 am

Hi

while trying to fix my problems I found many files had become corrupted so I have formatted and reinstalled the OS.

Thanks for your help.

Cheers

Daniel

daniellouwrens
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-26
OS OS : Vista Ultimate 64
Points Points : 29187
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Potential malware

Post by Sneakyone on Thu Aug 04, 2011 5:44 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum