Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Has Malware got me again?!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Has Malware got me again?!

Unread postby MadatMalware » July 8th, 2012, 11:37 am

A few days ago I started to get event/error codes which led me to believe one of my hard drives was failing. Got this event several times:
event_code=50 message={Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere. record_number=51810 resource_name=System risk=High source_name=Ntfs time=1341332969 type=0

Today, when I attempted to update my Malwarebytes Anti-Malware database I got this message-
The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?
---------------------------
Yes No
---------------------------

That's when a red flag went up. I recall this happened the last time I was attacked by Malware, of which your forums helped save me from (very thankful for it). I am hoping I can be saved again if this is a Malware attack or told its not and i truly do have some hardware issues.

One last thing, my eset smart security license ended so there was probably a about 10days i had no virus protection. I just recently installed Bitdefender which i paid for online so i am praying it is legit!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Administrator at 10:21:46 on 2012-07-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1555 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\vm_sti.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [<NO NAME>]
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [bigdogpath] c:\windows\vm_sti.EXE DMC Driver
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
LSP: c:\program files\bitdefender\bitdefender 2013\BdProvider.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2shzedxx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\administrator\application

data\mozilla\firefox\profiles\2shzedxx.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-7-1 611520]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-7-1 154464]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-7-1 72704]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2011-6-27 28184]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-7-1 56544]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-8 12672]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-8-25 68136]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-31 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-22 654408]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2012-7-1 82824]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-7-1 55544]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2012-7-1 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-7-1 447208]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-7-1 113616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-22 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-8 40776]
R3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [2009-12-21 712704]
R3 WJ430A;WJ430A Audio Capture Device Ver3.0;c:\windows\system32\drivers\WJ430A.sys [2009-9-23 9344]
R3 WJ430V;WJ430V Video Capture Device Ver3.0;c:\windows\system32\drivers\WJ430V.sys [2009-9-23 24576]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82x64.sys --> c:\windows\system32\drivers\CSN5PDTS82x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\admini~1\locals~1\temp\alsysio.sys --> c:\docume~1\admini~1\locals~1\temp\ALSysIO.sys [?]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-7-1 63056]
S3 esihdrv;esihdrv;\??\c:\docume~1\admini~1\locals~1\temp\esihdrv.sys --> c:\docume~1\admini~1\locals~1\temp\esihdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31b8.tmp --> c:\windows\system32\31B8.tmp [?]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZSMC302;DMC Driver;c:\windows\system32\drivers\usbVM302.sys [2010-7-31 90513]
S4 0044151329353453mcinstcleanup;McAfee Application Installer Cleanup (0044151329353453);c:\windows\temp\004415~1.exe -cleanup -nolog -->

c:\windows\temp\004415~1.EXE -cleanup -nolog [?]
S4 pkHppA;pkHppA;c:\program files\cpuid\pc wizard 2009\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2009\data\pcwizntl.exe -s [?]
S4 XWtpZC;XWtpZC;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
.
=============== Created Last 30 ================
.
2012-07-08 14:56:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-01 21:48:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\kray_zee_kat
2012-07-01 21:44:07 459760 ----a-w- c:\documents and settings\all users\application data\1341178555.bdinstall.bin
2012-07-01 21:40:40 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-07-01 21:40:31 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-07-01 21:40:29 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-01 21:40:29 511328 ----a-w- c:\windows\capicom.dll
2012-07-01 21:40:29 113616 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2012-07-01 21:40:29 -------- d-----w- c:\windows\system32\ui
2012-07-01 21:40:15 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-07-01 21:40:15 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-07-01 21:40:15 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-07-01 21:39:02 -------- d-----w- c:\documents and settings\administrator\application data\Bitdefender
2012-07-01 21:39:00 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2012-07-01 21:37:34 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2012-07-01 21:36:31 154464 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-07-01 21:36:28 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-07-01 21:36:28 -------- d-----w- c:\program files\Bitdefender
2012-07-01 21:35:47 -------- d-----w- c:\program files\common files\Bitdefender
2012-06-13 01:01:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 22:37:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2012-06-12 22:36:35 -------- d-----w- c:\program files\Oracle
2012-06-12 22:36:18 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-07-08 13:12:20 16608 ----a-w- c:\windows\gdrv.sys
2012-07-06 06:30:50 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 12:10:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 12:10:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 00:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 00:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:23:42.90 ===========



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-08-24 16:34:52
System Uptime: 2012-07-08 08:10:33 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA78GM-US2H
Processor: AMD Athlon(tm) 7750 Dual-Core Processor | Socket M2 | 2705/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 204.594 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 19 GiB total, 15.744 GiB free.
F: is FIXED (NTFS) - 18 GiB total, 1.258 GiB free.
G: is FIXED (NTFS) - 18 GiB total, 13.366 GiB free.
H: is FIXED (NTFS) - 18 GiB total, 17.612 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&36A73F9A&0&0050
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&36A73F9A&0&0050
Service: RTLE8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP355: 2012-04-09 21:00:24 - System Checkpoint
RP356: 2012-04-10 21:52:13 - System Checkpoint
RP357: 2012-04-11 03:00:25 - Software Distribution Service 3.0
RP358: 2012-04-16 14:40:13 - System Checkpoint
RP359: 2012-04-17 15:40:01 - System Checkpoint
RP360: 2012-04-18 15:55:09 - System Checkpoint
RP361: 2012-04-19 16:43:15 - System Checkpoint
RP362: 2012-04-20 16:45:43 - System Checkpoint
RP363: 2012-04-21 16:47:22 - System Checkpoint
RP364: 2012-04-22 16:49:27 - System Checkpoint
RP365: 2012-04-23 17:05:10 - System Checkpoint
RP366: 2012-04-24 17:55:14 - System Checkpoint
RP367: 2012-04-25 17:57:17 - System Checkpoint
RP368: 2012-04-26 17:59:20 - System Checkpoint
RP369: 2012-04-27 18:14:56 - System Checkpoint
RP370: 2012-04-28 19:03:32 - System Checkpoint
RP371: 2012-04-29 19:05:35 - System Checkpoint
RP372: 2012-04-30 19:07:39 - System Checkpoint
RP373: 2012-05-01 19:08:23 - System Checkpoint
RP374: 2012-05-02 19:24:55 - System Checkpoint
RP375: 2012-05-03 20:24:58 - System Checkpoint
RP376: 2012-05-04 21:14:33 - System Checkpoint
RP377: 2012-05-05 22:16:43 - System Checkpoint
RP378: 2012-05-09 02:03:23 - System Checkpoint
RP379: 2012-05-10 02:07:35 - System Checkpoint
RP380: 2012-05-10 03:00:33 - Software Distribution Service 3.0
RP381: 2012-05-11 01:04:37 - Software Distribution Service 3.0
RP382: 2012-05-12 01:54:49 - System Checkpoint
RP383: 2012-05-13 02:43:51 - System Checkpoint
RP384: 2012-05-14 02:46:03 - System Checkpoint
RP385: 2012-05-15 02:48:00 - System Checkpoint
RP386: 2012-05-16 03:12:02 - System Checkpoint
RP387: 2012-05-17 07:00:40 - Removed ESET Smart Security
RP388: 2012-05-18 07:08:13 - System Checkpoint
RP389: 2012-05-19 07:24:49 - System Checkpoint
RP390: 2012-05-20 07:24:54 - System Checkpoint
RP391: 2012-05-21 08:14:32 - System Checkpoint
RP392: 2012-05-22 03:01:19 - Software Distribution Service 3.0
RP393: 2012-05-23 02:33:29 - Software Distribution Service 3.0
RP394: 2012-05-23 03:00:17 - Software Distribution Service 3.0
RP395: 2012-05-24 03:48:11 - System Checkpoint
RP396: 2012-05-25 04:25:39 - System Checkpoint
RP397: 2012-05-26 04:25:49 - System Checkpoint
RP398: 2012-05-27 04:36:21 - System Checkpoint
RP399: 2012-05-28 04:44:28 - System Checkpoint
RP400: 2012-05-29 05:33:17 - System Checkpoint
RP401: 2012-05-30 05:55:53 - System Checkpoint
RP402: 2012-05-31 06:36:53 - System Checkpoint
RP403: 2012-06-01 06:38:54 - System Checkpoint
RP404: 2012-06-02 06:55:01 - System Checkpoint
RP405: 2012-06-03 07:43:10 - System Checkpoint
RP406: 2012-06-04 07:45:20 - System Checkpoint
RP407: 2012-06-05 03:02:20 - Software Distribution Service 3.0
RP408: 2012-06-06 03:23:37 - System Checkpoint
RP409: 2012-06-07 03:24:11 - System Checkpoint
RP410: 2012-06-08 03:25:42 - System Checkpoint
RP411: 2012-06-09 03:28:11 - System Checkpoint
RP412: 2012-06-10 03:29:56 - System Checkpoint
RP413: 2012-06-11 03:44:59 - System Checkpoint
RP414: 2012-06-12 04:34:06 - System Checkpoint
RP415: 2012-06-12 17:35:42 - Installed Java(TM) 7 Update 5
RP416: 2012-06-12 17:36:32 - Installed JavaFX 2.1.1
RP417: 2012-06-13 03:00:20 - Software Distribution Service 3.0
RP418: 2012-06-14 03:46:00 - System Checkpoint
RP419: 2012-06-15 04:05:39 - System Checkpoint
RP420: 2012-06-16 05:09:41 - System Checkpoint
RP421: 2012-06-17 05:59:56 - System Checkpoint
RP422: 2012-06-18 06:15:04 - System Checkpoint
RP423: 2012-06-19 07:04:14 - System Checkpoint
RP424: 2012-06-20 07:07:13 - System Checkpoint
RP425: 2012-06-21 07:08:42 - System Checkpoint
RP426: 2012-06-22 08:24:52 - System Checkpoint
RP427: 2012-06-23 09:12:56 - System Checkpoint
RP428: 2012-06-24 09:15:02 - System Checkpoint
RP429: 2012-06-25 09:25:41 - System Checkpoint
RP430: 2012-06-26 09:34:46 - System Checkpoint
RP431: 2012-06-27 10:23:10 - System Checkpoint
RP432: 2012-06-28 10:25:39 - System Checkpoint
RP433: 2012-06-29 10:26:34 - System Checkpoint
RP434: 2012-06-30 10:28:43 - System Checkpoint
RP435: 2012-07-01 10:44:55 - System Checkpoint
RP436: 2012-07-01 16:23:45 - Removed ESET Smart Security
RP437: 2012-07-01 16:57:59 - Software Distribution Service 3.0
RP438: 2012-07-02 21:06:10 - System Checkpoint
RP439: 2012-07-06 00:51:51 - System Checkpoint
RP440: 2012-07-07 09:41:32 - System Checkpoint
RP441: 2012-07-08 08:59:50 - System Checkpoint
.
==== Installed Programs ======================
.
@BIOS Ver.2.04
Acrobat.com
Acronis Drive Monitor
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
AiO_Scan_CDA
AiOSoftwareNPI
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Catalyst Install Manager
Backup Magic
Bing Maps 3D
Bitdefender Total Security 2013
Bonjour
Browser Configuration Utility
BufferChm
C4100
c4100_Help
Canon CanoScan LiDE 200 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 200 Scanner Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
CCleaner
CDBurnerXP
Cisco Systems VPN Client 5.0.04.0300
Colasoft Capsa 7 Free
ColorPic
Core Temp version 0.99.8
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CPUID CPU-Z 1.53.1
CueTour
CursorFX
Destinations
DeviceManagementQFolder
Disk Space Fan 1.4.2.796
DiskCheckup V2.1
DMIView B8.0717.01
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
doPDF 6.3 printer
Download Updater (AOL LLC)
Easy Tune 6 B08.1212.1
EasySaver B8.1208.1
eReg
ERUNT 1.1j
eSupportQFolder
Extra Photo SlideShow Free 7.07
Face_Wizard B08.0908.01
Fax_CDA
Firefox Preloader
foobar2000 v1.0.3
Free Nokia Ringtone Converter 1.1
FullDPAppQFolder
GhostBuster
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
IconViewer
ImTOO DVD Ripper Platinum 6
InstantShareDevices
InstantShareDevicesMFC
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
Kensington SlimBlade Driver
LEGO Digital Designer
Lorex mCam
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft USB Flash Drive Manager
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
Minilyrics(remove only)
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-US)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NewCopy_CDA
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia PC Suite
Nokia Software Updater
Nokia Suite
Nokia_Multimedia_Common_Components_2_5
OCR Software by I.R.I.S 7.0
PanoStandAlone
PC Connectivity Solution
PC Wizard 2009.1.90
PC Wizard 2010.1.93
Photo Story 3 for Windows
PhotoGallery
Picture Control Utility
ProductContextNPI
QuickTime
RandMap
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RSA SecurID Software Token
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
SkinsHP1
SlideShow
SnagIt 7
SolutionCenter
Sonic_PrimoSDK
Sophos Anti-Rootkit 1.5.4
SpeedFan (remove only)
SpywareBlaster 4.6
Status
swMSM
System Requirements Lab
TaxACT 2008
The Lord of the Rings FREE Trial
ThreatExpert Memory Scanner 1.0
Toolbox
TrayApp
Tweak UI
Unity Web Player
Unity Web Player (All users)
Unknown Device Identifier 6.01
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
VC 9.0 Runtime
ViewNX
VLC media player 2.0.1
VoiceOver Kit
Wallpaper Changer for Windows XP
WD Diagnostics
WebFldrs XP
WebReg
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2012-07-06 02:24:51, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2012-07-03 01:22:03, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
2012-07-02 19:12:21, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 00259CB37ECD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2012-07-01 12:26:03, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.
.
==== End Of File ===========================
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm
Advertisement
Register to Remove

Re: Has Malware got me again?!

Unread postby maxi » July 10th, 2012, 7:57 am

Hello MadatMalware,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Has Malware got me again?!

Unread postby maxi » July 10th, 2012, 4:47 pm

Hi MadatMalware :)

I notice that you have Microsoft Office Enterprise 2007 installed. Could you tell me how this came to be on your machine ?

Step 1

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Step 2
Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include::
The log from MGADiag.exe.
Both logs from OTL.
The answer to my question.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Has Malware got me again?!

Unread postby MadatMalware » July 12th, 2012, 12:43 pm

I reached a limit i guess so i must post two replies to this
Your message contains 115448 characters. The maximum number of allowed characters is 100000.



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-KCHJG-7XT7F-QFDD3
Windows Product Key Hash: 3SeVfS84/zsOtEP5x+TPSVdM3/Q=
Windows Product ID: 76487-338-2895056-22528
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {38A42C7E-BB87-46AB-8D89-42AEDA0B7173}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{38A42C7E-BB87-46AB-8D89-42AEDA0B7173}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QFDD3</PKey><PID>76487-338-2895056-22528</PID><PIDType>5</PIDType><SID>S-1-5-21-725345543-1284227242-2147250837</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-MA78GM-US2H</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F2</Version><SMBIOSVersion major="2" minor="4"/><Date>20090102000000.000000+000</Date></BIOS><HWID>7DA438AF01844072</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>B3BD5D02F570ED2</Val><Hash>3fso3eAV4/ATI6RW8aUmRFAAf3A=</Hash><Pid>81599-873-9982743-65335</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 864A:HITACHI, Ltd|864A:HITACHI, Ltd|864A:HITACHI, Ltd|14840:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14840:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14840:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm

Re: Has Malware got me again?!

Unread postby MadatMalware » July 12th, 2012, 12:48 pm

OTL logfile created on: 2012-07-12 08:23:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.95% Memory free
5.34 Gb Paging File | 4.55 Gb Available in Paging File | 85.10% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 204.55 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
Drive E: | 19.24 Gb Total Space | 15.74 Gb Free Space | 81.82% Space Free | Partition Type: NTFS
Drive F: | 18.43 Gb Total Space | 1.26 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive G: | 18.43 Gb Total Space | 13.37 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive H: | 18.42 Gb Total Space | 17.61 Gb Free Space | 95.60% Space Free | Partition Type: NTFS

Computer Name: KRAZYKAT-3D4C51 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-12 08:12:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012-06-25 18:45:14 | 000,082,824 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2012-06-25 18:12:18 | 001,277,624 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2012-06-25 16:22:33 | 001,506,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2012-06-25 16:17:44 | 000,056,544 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
PRC - [2012-06-21 09:11:47 | 000,074,096 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalsystray.exe
PRC - [2012-06-07 21:37:20 | 000,055,544 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-03-16 17:32:59 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011-02-24 18:49:50 | 000,466,768 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
PRC - [2011-02-12 07:43:02 | 000,660,576 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010-03-23 09:17:43 | 000,417,280 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
PRC - [2008-12-09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-08-29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-19 11:26:20 | 000,172,032 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2007-09-17 11:24:26 | 000,077,824 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2007-08-09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003-11-06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2003-01-21 02:19:24 | 000,040,960 | R--- | M] (VM.) -- C:\WINDOWS\vm_sti.EXE
PRC - [2002-12-18 13:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (No Company Name) ==========

MOD - [2012-07-01 16:46:31 | 002,065,920 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00002_002\ashttpf.mdl
MOD - [2012-07-01 16:46:30 | 000,521,216 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00002_002\ashttpdsp.mdl
MOD - [2012-07-01 16:46:29 | 001,934,336 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00002_002\ashttpph.mdl
MOD - [2012-07-01 16:46:28 | 000,960,512 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00002_002\ashttprbl.mdl
MOD - [2012-07-01 16:46:28 | 000,637,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00002_002\ashttpbr.mdl
MOD - [2012-06-26 02:14:40 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui
MOD - [2012-06-26 02:14:39 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui
MOD - [2012-06-25 16:21:22 | 000,099,304 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\imsecurityal.dll
MOD - [2012-06-21 14:01:49 | 000,918,696 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll
MOD - [2012-06-13 03:22:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012-06-13 03:22:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012-06-13 03:20:55 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012-06-13 03:20:45 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012-06-06 11:25:39 | 000,139,480 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2013\bdnc.dll
MOD - [2012-05-18 20:39:18 | 001,228,720 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2013\wslib.dll
MOD - [2012-05-10 03:21:46 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012-05-10 03:21:45 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012-05-10 03:21:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012-05-10 03:21:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012-05-10 03:19:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012-05-10 03:18:46 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012-05-10 03:17:44 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012-05-10 03:17:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012-05-09 16:21:13 | 000,565,616 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2012-04-27 16:08:08 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
MOD - [2012-04-25 12:24:09 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012-04-24 15:28:36 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011-11-14 20:17:06 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-05-19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_09626_039\avxdisk.dll
MOD - [2011-02-24 18:39:44 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2010-03-29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010-03-23 09:17:43 | 000,059,904 | ---- | M] () -- C:\Program Files\Stardock\CursorFX\zlib1.dll
MOD - [2008-12-09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008-12-05 17:03:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2008-08-29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008-04-13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-11-06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- M:\remote.zip\REMOTE~1\INSTAL~1.EXE -- (CiscoVpnInstallService)
SRV - [2012-06-25 18:45:14 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2012-06-25 18:12:18 | 001,277,624 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2012-06-25 16:17:44 | 000,056,544 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012-06-07 21:37:20 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2012-05-23 20:25:04 | 000,827,496 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\WINDOWS\Temp\0044151329353453mcinst.exe -- (0044151329353453mcinstcleanup) McAfee Application Installer Cleanup (0044151329353453)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-10-27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-02-12 07:43:02 | 000,660,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-09-06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-09-05 12:25:26 | 000,053,248 | ---- | M] (CPUID) [Disabled | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -- (XWtpZC)
SRV - [2009-06-23 15:46:14 | 000,022,016 | ---- | M] (CPUID) [Disabled | Stopped] -- C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -- (pkHppA)
SRV - [2008-12-09 16:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008-08-29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007-08-09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\31B8.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KMW_USB.sys -- (KMW_USB)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - File not found [Adapter | Auto | Unknown] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
DRV - [2012-07-12 08:05:27 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012-07-08 10:37:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-04-24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012-04-17 14:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2012-04-11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-03-20 20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012-03-01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012-02-17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011-11-25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011-11-17 17:38:32 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2011-11-14 20:16:29 | 000,113,616 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011-11-14 20:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011-08-17 13:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 13:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 13:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 13:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-08-24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010-08-24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010-08-24 12:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010-08-04 02:20:14 | 005,243,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-05-20 15:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009-01-13 18:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008-08-29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008-08-26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-08-25 22:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008-03-29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007-11-22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-08-10 14:28:06 | 000,009,728 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2007-06-07 16:38:32 | 000,017,408 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007-01-18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-09-24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-08-15 14:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-04-23 06:01:40 | 000,090,513 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2003-08-11 23:49:58 | 000,009,344 | R--- | M] (Wooju Communications Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WJ430A.sys -- (WJ430A)
DRV - [2003-08-11 23:49:46 | 000,024,576 | R--- | M] (Wooju Communications Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WJ430V.sys -- (WJ430V)
DRV - [2001-09-20 10:50:10 | 000,017,920 | ---- | M] (Intel Corporation & Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbdiag.sys -- (usbdiag)
DRV - [1996-04-03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110416054758968&tb_oid=16-04-2011&tb_mrud=16-04-2011


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {645701DB-0A59-AE3F-8D62-BAA040AFB663}
IE - HKU\.DEFAULT\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {645701DB-0A59-AE3F-8D62-BAA040AFB663}
IE - HKU\S-1-5-18\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\SearchScopes\{AB0FBD54-D4B9-4273-BFE5-D21E2798DACB}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110416054758968&tb_oid=16-04-2011&tb_mrud=16-04-2011
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1284227242-2147250837-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mybookmarks@ma2ten.catsyawn.net:0.5.9.1
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: fastbid@bxwa.com:2.21.9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.7
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:1.0.1
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:1.99.20110227
FF - prefs.js..extensions.enabledItems: {68111119-9278-4198-B1AC-F5B13A2077FF}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: flaminglow-ff3-30@glowplug.bitasylum.net:4.0.3.05
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10
FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010-08-31 22:19:49 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-09-26 12:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68111119-9278-4198-B1AC-F5B13A2077FF}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{68111119-9278-4198-B1AC-F5B13A2077FF} [2011-04-05 20:13:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011-11-15 02:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-10-28 18:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-12 17:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-11-15 02:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-06-26 02:19:05 | 000,000,000 | ---D | M]

[2009-09-14 13:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011-11-16 19:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions
[2011-06-22 19:58:37 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2009-09-14 14:55:04 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011-02-04 07:52:54 | 000,000,000 | ---D | M] (Google Bookmarks for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
[2011-11-15 15:41:45 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2011-10-22 16:37:39 | 000,000,000 | ---D | M] (ViewMarks) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{7443739c-bff6-4af0-aea5-7ed29006966c}
[2011-11-11 19:40:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011-08-10 06:53:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\coralietab@mozdev.org
[2011-03-13 22:25:37 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\personas@christopher.beard
[2011-06-06 22:11:02 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\sam@samfind.com
[2011-02-18 19:23:22 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\extensions\tineye@ideeinc.com
[2010-12-25 14:57:59 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\searchplugins\bing-zugo.xml
[2010-06-29 14:21:45 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\searchplugins\dogpile.xml
[2011-11-15 19:45:34 | 000,011,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2shzedxx.default\searchplugins\timeanddatecom.xml
[2011-12-07 23:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-06-05 16:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-04-14 22:04:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-05-17 06:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011-06-22 00:02:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-12-07 23:19:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-22 16:37:29 | 000,084,346 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011-09-11 08:05:07 | 000,450,199 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2011-09-11 08:05:07 | 000,058,343 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2011-10-05 20:00:06 | 000,027,678 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\BACKUPFOX_959A5970_ADA3_11E0_9F1C_0800200C9A66@MOZILLAFIREFOXEXTENSION.XPI
[2011-09-11 08:05:07 | 000,010,951 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\BOOKMARKS-MENU@DIO.GR.XPI
[2011-09-21 19:33:47 | 000,129,253 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\CHECKPLACES@ANDYHALFORD.COM.XPI
[2011-10-05 20:00:06 | 000,008,475 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\DBLCLICKER@BYO.CO.IL.XPI
[2011-09-04 22:21:03 | 000,010,259 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\FAVICONIZETAB@ESPION.JUST-SIZE.JP.XPI
[2011-04-26 06:26:35 | 000,167,762 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\GMAIL_SIGS@BLANKCANVASWEB.COM.XPI
[2011-09-11 08:05:07 | 000,053,870 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\MYBOOKMARKS@MA2TEN.CATSYAWN.NET.XPI
[2011-09-11 08:05:07 | 000,005,502 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2SHZEDXX.DEFAULT\EXTENSIONS\OPENBOOKMARKINTAB@PIRO.SAKURA.NE.JP.XPI
[2011-04-05 20:13:27 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{68111119-9278-4198-B1AC-F5B13A2077FF}
[2011-04-14 22:04:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-06-12 18:51:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011-11-15 02:01:24 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_7.0
[2009-11-02 08:43:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-10-26 06:53:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-03-22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011-04-07 06:41:32 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011-10-26 06:53:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-10-05 18:50:03 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: The Joke Stop = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjgpgljmffafjmilkhenbnfmbpndgepn\2.3_0\
CHR - Extension: Hello Kitty Room = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djmgoglbbnhnnfjamebccnloikailimf\1.0.3_0\
CHR - Extension: Sea = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\doeeedccebcmkagipdkpnhleljdejpjd\1_0\
CHR - Extension: MondoZoo - Zoo game = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejafdpedefplpgoacblaboikebhhjlib\1.1.0.0_0\
CHR - Extension: FlyOrDie Four in a Row = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ekmnknlahnpppljnjacdbpnlpbkckcki\1.0.2_0\
CHR - Extension: Top Games = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emcpcjoaklifiibimmjnkgcjecaocpnm\1.2.1_0\
CHR - Extension: Angry Birds Rio = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epolojalmdlnnbcfocapnkafchgakejn\13.2212.7325_0\
CHR - Extension: Android Freeware = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\faijocccbppcdmakdenmbbiflcagbapp\1.0_0\
CHR - Extension: Herotopia = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fddlpkmfbboheamcehopimgjpnapmbff\1.1.1_0\
CHR - Extension: Corpse bride = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdjkfdgkecipeobaiblplhmcficghfle\1.0_0\
CHR - Extension: Angry Birds Rio = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdlekfaiefblildbbeanghnhjgdanjjh\2.3_0\
CHR - Extension: Creatures & Castles = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: TiltShiftMaker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: Ozee = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\
CHR - Extension: Hello Kitty Roller Rescue = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdbdhnpojaigenbhgkjfahbkeoolgpcj\1.0.3_0\
CHR - Extension: Fishing Game = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jedmdpopicadoealpdmojolokkjmjmja\1.1_0\
CHR - Extension: colorPicker 0.9 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jegimleidpfmpepbfajjlielaheedkdo\0.9.90_0\
CHR - Extension: MOG Music = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgljcanfdcmdnncaneopdlcgjlkgpenj\0.9.10_0\
CHR - Extension: FlyOrDie Backgammon = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjajfipfoldnngmddjicblncidmijama\1.0.7_0\
CHR - Extension: MondoZooPark = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmpkmeghlkkggopeiplfmbigjhnodnij\1.2.0.0_0\
CHR - Extension: The Axe Ninja = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbbjpadgfciplggknhfheciphdccmgii\1.0.5_0\
CHR - Extension: Shixe - New games for ninjas = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nknfeoeacbjanmlbbgojfpginflcfplk\1.1_0\
CHR - Extension: Reversi = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odhjkapjdlmmadkepnmlkpadnnnnoebm\0.0.0.3_0\
CHR - Extension: Pong = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omimkinlomnncbmnceacpkmlbfaapojj\1.2_0\
CHR - Extension: Fishdom = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plkccdpiifjkmjpinpcmndkifhnjhooj\1.0.2.6_0\
CHR - Extension: Connected Mind = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc\1.1.5_0\
CHR - Extension: Hello Kitty Roller Rescue = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pogldpcjklhnehkljhhdnkfflhnlaago\13.2612.1428_0\

O1 HOSTS File: ([2011-04-07 17:56:46 | 000,444,716 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O3 - HKU\S-1-5-21-725345543-1284227242-2147250837-500\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [bigdogpath] C:\WINDOWS\vm_sti.EXE (VM.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-725345543-1284227242-2147250837-500..\Run: [] File not found
O4 - HKU\S-1-5-21-725345543-1284227242-2147250837-500..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ADE969-73B3-4C05-81D5-C18EADAFD1D5}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-24 16:32:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-26 11:42:40 | 000,000,000 | ---D | M] - F:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2008-08-25 08:31:00 | 008,221,774 | ---- | M] () - H:\AutoPanoPro_Booker.zma -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-12 08:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2012-07-12 08:12:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012-07-12 08:12:11 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2012-07-12 08:10:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012-07-08 10:20:48 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012-07-08 09:56:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-07-06 00:31:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012-07-01 16:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kray_zee_kat
[2012-07-01 16:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2013
[2012-07-01 16:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012-07-01 16:40:31 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
[2012-07-01 16:40:29 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
[2012-07-01 16:40:29 | 000,113,616 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2012-07-01 16:40:29 | 000,063,056 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012-07-01 16:40:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ui
[2012-07-01 16:40:15 | 000,611,520 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012-07-01 16:40:15 | 000,447,208 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012-07-01 16:40:15 | 000,240,184 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2012-07-01 16:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Bitdefender
[2012-07-01 16:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012-07-01 16:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2012-07-01 16:36:31 | 000,154,464 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2012-07-01 16:36:28 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012-07-01 16:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012-07-01 16:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012-06-12 20:01:38 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012-06-12 17:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012-06-12 17:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-06-12 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012-06-12 17:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012-06-12 17:36:18 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-06-12 17:36:18 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-06-12 17:36:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-06-12 17:36:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-12 08:36:01 | 005,242,934 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2012-07-12 08:26:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-2147250837-500UA.job
[2012-07-12 08:21:05 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-12 08:13:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-12 08:12:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012-07-12 08:11:45 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2012-07-12 08:05:27 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012-07-12 08:04:54 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-12 08:03:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-08 19:38:15 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2012-07-08 19:38:15 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2012-07-08 19:38:15 | 000,000,402 | -H-- | M] () -- C:\bdr-cf01
[2012-07-08 18:27:42 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SafeBox Folder.lnk
[2012-07-08 10:37:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-07-08 10:20:59 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012-07-07 21:26:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-2147250837-500Core.job
[2012-07-06 22:16:58 | 000,317,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lonestar order 120706.pdf
[2012-07-06 22:01:43 | 000,113,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SOCCER.pdf
[2012-07-06 20:42:26 | 000,015,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\120706_Hitachi_DriveInfo
[2012-07-06 20:41:46 | 000,013,499 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\120706_WD_DriveInfo
[2012-07-06 01:30:50 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012-07-06 01:26:53 | 000,118,067 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\How to Distinguish a Physical Disk Device from an Event Message.pdf
[2012-07-06 01:26:37 | 000,107,116 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Description of the Event ID 50 Error Message.pdf
[2012-07-02 20:28:50 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012-07-02 19:12:15 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
[2012-07-01 17:02:04 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2012-07-01 16:59:47 | 000,599,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-07-01 16:59:47 | 000,127,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-07-01 16:44:07 | 000,459,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1341178555.bdinstall.bin
[2012-07-01 16:41:54 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TaxACT 2008.lnk
[2012-07-01 16:41:40 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitdefender Total Security 2013.lnk
[2012-07-01 16:41:37 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitdefender Safepay.lnk
[2012-07-01 16:41:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012-07-01 16:40:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-07-01 16:29:03 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-29 18:27:59 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-06-25 09:32:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-06-21 16:11:34 | 035,079,300 | -H-- | M] () -- C:\bdr-im01.gz
[2012-06-12 18:52:02 | 000,000,740 | ---- | M] () -- C:\WINDOWS\tasks\McAfee Cleanup.job
[2012-06-12 17:35:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-06-12 17:35:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-06-12 17:01:12 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Administrator\untrusted certificate mcafee.p7b
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-08 19:38:15 | 000,000,402 | -H-- | C] () -- C:\bdr-cf01
[2012-07-08 19:38:15 | 000,000,223 | RHS- | C] () -- C:\boot.ini
[2012-07-06 22:16:57 | 000,317,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lonestar order 120706.pdf
[2012-07-06 22:01:43 | 000,113,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SOCCER.pdf
[2012-07-06 20:42:26 | 000,015,752 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\120706_Hitachi_DriveInfo
[2012-07-06 20:41:46 | 000,013,499 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\120706_WD_DriveInfo
[2012-07-06 01:26:52 | 000,118,067 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\How to Distinguish a Physical Disk Device from an Event Message.pdf
[2012-07-06 01:26:37 | 000,107,116 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Description of the Event ID 50 Error Message.pdf
[2012-07-01 17:02:04 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2012-07-01 16:48:45 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SafeBox Folder.lnk
[2012-07-01 16:44:07 | 000,459,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341178555.bdinstall.bin
[2012-07-01 16:41:54 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TaxACT 2008.lnk
[2012-07-01 16:41:40 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitdefender Total Security 2013.lnk
[2012-07-01 16:41:37 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitdefender Safepay.lnk
[2012-07-01 16:41:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012-07-01 16:40:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-07-01 16:39:00 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2012-07-01 16:39:00 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2012-07-01 16:38:56 | 035,079,300 | -H-- | C] () -- C:\bdr-im01.gz
[2012-07-01 16:38:56 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2012-07-01 16:29:03 | 000,278,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-12 18:45:59 | 000,000,740 | ---- | C] () -- C:\WINDOWS\tasks\McAfee Cleanup.job
[2012-06-12 17:01:01 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Administrator\untrusted certificate mcafee.p7b
[2012-02-14 23:37:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-06-18 22:49:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PELCPEXT.DLL
[2011-06-18 22:49:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2011-06-18 22:49:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2011-04-28 19:38:59 | 001,572,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.pdf
[2011-04-28 19:37:21 | 003,150,519 | ---- | C] () -- C:\Documents and Settings\Administrator\HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware.pdf
[2011-04-28 18:16:38 | 000,209,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Autoruns for Windows.pdf
[2011-04-28 18:11:22 | 000,020,829 | ---- | C] () -- C:\Documents and Settings\Administrator\Autoruns.pdf
[2011-04-15 03:07:03 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011-04-10 10:56:42 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8bSySY.dat
[2011-04-08 07:53:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-08 07:53:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-08 07:53:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-08 07:53:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-08 07:53:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-05 20:13:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uzufitamew.dat
[2011-04-05 20:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qnomuc.bin
[2011-03-03 08:09:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-12-25 16:21:40 | 000,060,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-09-02 21:45:14 | 000,134,138 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010-07-31 15:58:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\amcap.exe
[2010-07-24 14:17:21 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2010-03-25 21:47:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pedal Hard
[2010-03-25 21:47:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Overdrive
[2010-03-25 21:47:07 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010-03-25 21:47:07 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pianos and Keyboards
[2010-03-25 21:45:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2010-03-25 21:45:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Organic
[2010-03-25 21:45:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010-03-25 21:45:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Phaser
[2010-01-28 14:10:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009-10-18 10:12:03 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm

Re: Has Malware got me again?!

Unread postby MadatMalware » July 12th, 2012, 12:49 pm

OTL Extras logfile created on: 2012-07-12 08:23:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.95% Memory free
5.34 Gb Paging File | 4.55 Gb Available in Paging File | 85.10% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 204.55 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
Drive E: | 19.24 Gb Total Space | 15.74 Gb Free Space | 81.82% Space Free | Partition Type: NTFS
Drive F: | 18.43 Gb Total Space | 1.26 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive G: | 18.43 Gb Total Space | 13.37 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive H: | 18.42 Gb Total Space | 17.61 Gb Free Space | 95.60% Space Free | Partition Type: NTFS

Computer Name: KRAZYKAT-3D4C51 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gigabyte\GBTUpd\RunUpd.exe" = C:\Program Files\Gigabyte\GBTUpd\RunUpd.exe:*:Enabled:RunUpd
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11548D18-0757-313C-B43D-DEADC41EA394}" = Catalyst Control Center Core Implementation
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24F40897-D71D-0B2B-76E4-1DBE66C1360D}" = CCC Help Chinese Traditional
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2815F3CE-E77B-079F-77C3-3F2D455A877D}" = ccc-core-static
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3748900D-099A-36AF-93B2-6F4E7764C858}" = Catalyst Control Center Graphics Light
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}" = Microsoft USB Flash Drive Manager
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1212.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B15563C-9A4D-11A5-B3A2-80F325E023A1}" = CCC Help Thai
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{50EE4C77-15A1-11D6-8C3F-0050DA81FFD8}" = RSA SecurID Software Token
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{63A47DBF-2C74-40E5-B250-99F7DDF94D0E}" = GhostBuster
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D208D6-B070-C353-E8D6-C8872F35CB4C}" = CCC Help Japanese
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C037D4D-0330-93DB-5E0B-62E42962078C}" = ccc-core-preinstall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EAF71B2-67A1-4F8E-5B23-50697107A71A}" = CCC Help Chinese Standard
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F0F2D9-57B8-FBF0-E01C-66BA9EC067D5}" = Catalyst Control Center Graphics Full Existing
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1EA00D9-2284-C80E-30BC-0F1C25C5C73A}" = ccc-utility
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{A59118F6-FE3E-AFF5-1993-75668D5DD4C4}" = Catalyst Control Center HydraVision Full
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B59F8979-4525-673E-A4F5-4CE8725A2631}" = CCC Help English
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6B00BFD-A00F-B499-4A9B-80A4809ACD85}" = Catalyst Control Center Graphics Previews Common
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C09186B7-9CC1-34A2-E7E5-F8520DF76A61}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C6F34AE0-0576-11d4-82FE-4491FCC00000}" = IconViewer
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C96AA90C-9DE0-4C37-92F2-49CC3FE8C330}" = Nokia Software Updater
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D8318C33-701B-2E7B-AAE7-9DB37D367D65}" = ccc-core-preinstall
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E01E23BE-E993-03C8-E87A-93C0301E5498}" = Catalyst Control Center Localization All
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED948F2C-1D41-41C1-A33F-0EF7D1EA2FCF}" = Lorex mCam
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F66BA2F2-5FD8-EA3C-0C13-753A5958A375}" = Catalyst Control Center Graphics Full New
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Backup Magic" = Backup Magic
"Bitdefender" = Bitdefender Total Security 2013
"Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Colasoft Capsa 7 Free_is1" = Colasoft Capsa 7 Free
"ColorPic" = ColorPic
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Disk Space Fan_is1" = Disk Space Fan 1.4.2.796
"DiskCheckup_is1" = DiskCheckup V2.1
"doPDF 6 printer_is1" = doPDF 6.3 printer
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Extra Photo SlideShow Free_is1" = Extra Photo SlideShow Free 7.07
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Firefox Preloader_is1" = Firefox Preloader
"foobar2000" = foobar2000 v1.0.3
"Free Nokia Ringtone Converter_is1" = Free Nokia Ringtone Converter 1.1
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1212.1
"InstallShield_{50EE4C77-15A1-11D6-8C3F-0050DA81FFD8}" = RSA SecurID Software Token
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiniLyrics" = Minilyrics(remove only)
"MouseSuite98" = Kensington SlimBlade Driver
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"PC Wizard 2009_is1" = PC Wizard 2009.1.90
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TaxACT 2008" = TaxACT 2008
"ThreatExpert Memory Scanner_is1" = ThreatExpert Memory Scanner 1.0
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player (All users)
"Unknown Device Identifier_is1" = Unknown Device Identifier 6.01
"VLC media player" = VLC media player 2.0.1
"WallpaperToy" = Wallpaper Changer for Windows XP
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-1284227242-2147250837-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CursorFX" = CursorFX
"Google Chrome" = Google Chrome
"ImTOO DVD Ripper Platinum 6" = ImTOO DVD Ripper Platinum 6
"New LEGO Digital Designer" = LEGO Digital Designer
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-02-15 01:05:43 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2012-02-15 01:05:43 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The Error code is the first DWORD in Data section.

Error - 2012-02-15 01:05:43 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2012-02-15 01:05:43 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The Error code is the first DWORD in Data
section.

Error - 2012-02-15 01:09:01 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2012-02-15 01:09:01 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The Error code
is the first DWORD in Data section.

Error - 2012-02-15 01:09:37 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2012-02-15 01:09:37 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 2012-02-15 01:09:37 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2012-02-15 01:09:37 | Computer Name = KRAZYKAT-3D4C51 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

[ OSession Events ]
Error - 2010-11-10 05:21:09 | Computer Name = KRAZYKAT-3D4C51 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 118084
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 2011-11-10 00:09:23 | Computer Name = KRAZYKAT-3D4C51 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1318
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2012-07-03 12:10:03 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:12:03 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:14:05 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:16:03 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:18:02 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:20:05 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:22:03 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:24:03 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-03 12:26:04 | Computer Name = KRAZYKAT-3D4C51 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 2012-07-06 03:24:51 | Computer Name = KRAZYKAT-3D4C51 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm

Re: Has Malware got me again?!

Unread postby MadatMalware » July 12th, 2012, 12:51 pm

I notice that you have Microsoft Office Enterprise 2007 installed. Could you tell me how this came to be on your machine ?

I honestly cannot recall how this got on my machine. I will look through my software discs to see if i actually have the disc. I save all my discs and this would be the only way i would have installed it. I will look and let you know for sure.

Only problem so far was after running the OTL program, when i came back my system had rebooted itself, but the two files were saved on my desktop after i logged back in (otl, extras).

Thank You
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm

Re: Has Malware got me again?!

Unread postby maxi » July 13th, 2012, 12:53 pm

Hi MadatMalware :)

Microsoft Office Enterprise 2007 is not usually available for home use. If you wish to continue then please uninstall the program and post a fresh DDS log.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Has Malware got me again?!

Unread postby MadatMalware » July 15th, 2012, 11:04 am

You say not usually available, how would I have come across this software then? I am perplexed. I am just an average Joe so you now have me really concerned about this. If you cannot help is it because this software is illegal? Is this part of my problem you think?
MadatMalware
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 3:02 pm

Re: Has Malware got me again?!

Unread postby maxi » July 16th, 2012, 7:32 am

Hi MadatMalware :)

There is no reason to be concerned, Its just that a home user in normal circumstances would not have this on there machine. It would only be on company computers and we only help with home computers. There are a few ways this could have come to be on your computer, A friend could have installed it, A computer repair man might have installed it.

Regardless of how it came to be on your machine, if you dont have a legitimate reason for having it installed you must uninstall it to receive any further help.

Regards maxi
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Has Malware got me again?!

Unread postby maxi » July 18th, 2012, 12:14 pm

Are you still with us ?
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Has Malware got me again?!

Unread postby deltalima » July 19th, 2012, 4:45 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware