
Thread: I can't remove Win.AutoRun.tmp; Freezing Up Taskbar and Not Opening Startup Programs

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    12


    Hi, I've been having problems with Win.AutoRun.tmp. Spybot recognizes it, and deletes it, but it keeps popping up. I also strongly believe that this virus is also causing my computer to not load all my startup programs when I turn on my computer and it freezes my taskbar pretty much the moment I click something on my taskbar (I'm running Windows 7), which forces me to use Safe Mode. I've system restored my computer many times in order for my computer to function normally, but after 2 startups, it reverts back to its original glitchy self, which forces me to use Safe Mode until I need some function not available there, at which point I use System Restore again. This has been happening for approximately a week. Anyways, here's the DDS file:

    ---------

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Owner at 17:06:12.27 on Thu 01/13/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1207 [GMT -8:00]

    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Soluto\soluto.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\SysWOW64\srvany.exe
    C:\Windows\KMService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Owner\Documents\Programs\bLend.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\VistaSwitcher\vswitch64.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
    C:\Program Files (x86)\Axonic\GumNotes\GumNotes.exe
    C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
    C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [$Volumouse$] "C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe" /nodlg
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [bLend] C:\Users\Owner\DOCUME~1\Programs\bLend.exe /b
    uRun: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch64.exe" /startup
    uRun: [WizMouse] "C:\Program Files (x86)\WizMouse\WizMouse.exe"
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [AdobeBridge]
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [fsm]
    uRun: [F.lux] "C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AC'TIV~1.LNK - C:\Program Files (x86)\ac'tivAid\ac'tivAid.ahk
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GumNotes.lnk - C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{6C14E249-9989-44F7-8E14-3E7EB9553465}\_0A1130948F6803DA29D04C.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with mediAvatar YouTube to MP3 Converter - C:\Program Files (x86)\mediAvatar\YouTube to MP3 Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06r9e6dp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.sphstigers.org
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc - BRI/1

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-1 121936]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/04 13:53:18];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-1 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-1 61008]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-5 1153368]
    R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2010-9-22 330784]
    R3 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-9-3 90112]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-2-13 411136]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2009-5-20 716288]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S0 PCGenFAM;PCGenFAM;C:\Windows\System32\drivers\PCGenFAM.sys [2010-9-14 199112]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-1 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-1 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-1 40384]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-3 86120]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-3 1255736]

    =============== Created Last 30 ================

    2011-01-13 23:57:39 7752528 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{34E5D9AD-253E-4B4D-A978-88969E186F66}\mpengine.dll
    2011-01-10 02:29:13 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
    2011-01-10 02:07:59 -------- d-----w- C:\Program Files (x86)\Audacity
    2011-01-06 09:34:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-01-06 09:34:44 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-06 09:34:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-05 13:14:25 -------- d-----w- C:\PROGRA~3\p2vcopy
    2011-01-05 13:13:53 -------- d-----w- C:\PROGRA~3\explauncher
    2011-01-05 13:13:49 -------- d-----w- C:\PROGRA~3\launcher
    2011-01-05 12:06:16 -------- d-----w- C:\Program Files (x86)\Paragon Software
    2011-01-03 23:38:00 -------- d-----w- C:\Users\Owner\Zero G Registry
    2011-01-02 22:35:07 -------- d-----w- C:\Program Files (x86)\Power Tab Software
    2011-01-02 20:08:01 -------- d-----w- C:\Program Files (x86)\Write Brothers, Inc
    2011-01-02 05:15:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\Newnovelist 2
    2011-01-02 00:25:59 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-01-02 00:25:31 38848 ----a-w- C:\Windows\avastSS.scr
    2011-01-02 00:16:56 -------- d-----w- C:\Program Files\QuickPlot
    2011-01-01 23:50:04 -------- d-----w- C:\Program Files\Character Pro 5
    2011-01-01 05:51:24 -------- d-----w- C:\Program Files (x86)\Creativity Software
    2011-01-01 05:51:16 304128 ----a-w- C:\Windows\IsUninst.exe
    2011-01-01 05:50:06 -------- d-----w- C:\Program Files (x86)\WriteItNow3
    2011-01-01 05:45:45 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
    2010-12-15 12:40:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\mediAvatar
    2010-12-15 12:40:38 -------- d-----w- C:\Program Files (x86)\mediAvatar
    2010-12-15 12:38:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\Software Informer

    ==================== Find3M ====================

    2010-12-13 19:13:26 73728 ----a-w- C:\Windows\SysWow64\TOverlay.ax
    2010-11-12 18:46:58 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2010-10-18 21:01:06 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2003-10-22 02:54:10 336528 ----a-w- C:\Program Files (x86)\SWwin.exe
    2003-10-10 18:36:58 45056 ----a-w- C:\Program Files (x86)\SWlicense.exe
    2002-01-04 08:11:10 104801 ----a-w- C:\Program Files (x86)\CRP9516e.dll
    2001-10-10 04:57:04 221696 ----a-w- C:\Program Files (x86)\CKI32h.DLL
    2001-09-28 07:43:56 53770 ----a-w- C:\Program Files (x86)\CRYP95e.dll
    2001-08-21 20:28:02 266240 ----a-w- C:\Program Files (x86)\CKI16H.DLL
    2001-06-28 02:24:54 159744 ----a-w- C:\Program Files (x86)\SETUPEX.EXE
    2001-03-29 05:54:20 27 ----a-w- C:\Program Files (x86)\SWhlp32.bat
    2000-07-12 01:18:46 234138 ----a-w- C:\Program Files (x86)\CKS.EXE

    ============= FINISH: 17:07:28.23 ===============

    These are the Spybot Results:


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-12-05 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-11-30 Includes\AdwareC.sbi (*)
    2010-08-12 Includes\Cookies.sbi (*)
    2010-09-22 Includes\Dialer.sbi (*)
    2010-11-30 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2010-11-30 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-08-02 Includes\Keyloggers.sbi (*)
    2010-11-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-09-13 Includes\Malware.sbi (*)
    2010-12-01 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-10-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-11-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-11-30 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-11-01 Includes\Trojans.sbi (*)
    2010-11-30 Includes\TrojansC-02.sbi (*)
    2010-11-30 Includes\TrojansC-03.sbi (*)
    2010-11-30 Includes\TrojansC-04.sbi (*)
    2010-11-30 Includes\TrojansC-05.sbi (*)
    2010-11-30 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    ---

    That's weird, Spybot didn't show the virus this time. It could be because I've just used System Restore. I'll scan again later to see if it still pops up.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208





    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    12


    Hi,

    It's been a few days and the win.autorun.tmp is not showing up, so I'm assuming that's probably not the reason for my computer freezing every time I start it up. However, it is still freezing up. The Malwarebytes scan did unfreeze my computer for a while, although it was still being glitchy so it's back to Safe Mode for me.


    ---------

    Here's the Log for Malwarebytes (I 'Removed Selected' after saving the log):

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5550

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    1/18/2011 4:22:51 PM
    mbam-log-2011-01-18 (16-22-44).txt

    Scan type: Quick scan
    Objects scanned: 160668
    Time elapsed: 2 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
    c:\program files (x86)\CRP9516e.dll (Spyware.OnlineGames) -> No action taken.
    c:\Windows\System32\explorer.exe.bkpcpt (Heuristics.Reserved.Word.Exploit) -> No action taken.
    c:\Windows\SysWOW64\explorer.exe.bkpcpt (Heuristics.Reserved.Word.Exploit) -> No action taken.

    --------

    Here's the OTL Log:

    OTL logfile created on: 1/19/2011 3:07:53 AM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.99 Gb Total Space | 136.13 Gb Free Space | 48.97% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 37.09 Gb Free Space | 12.44% Space Free | Partition Type: NTFS
    Drive E: | 52.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 7.46 Gb Total Space | 4.37 Gb Free Space | 58.59% Space Free | Partition Type: FAT32

    Computer Name: HP_M9040N | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Downloads\OTL (1).exe (OldTimer Tools)
    PRC - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Owner\Downloads\OTL (1).exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Crypkey License) -- C:\Windows\SysWow64\Crypserv.exe (Kenonic Controls Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (PCGenFAM) -- C:\Windows\SysNative\drivers\PCGenFAM.sys (Soluto LTD.)
    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
    DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\drivers\VSTBS26.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
    DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
    DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\drivers\CAXHWBS2.sys (Conexant Systems, Inc.)
    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
    DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\drivers\CAX_DP.sys (Conexant Systems, Inc.)
    DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
    DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
    DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 86 CF 42 70 4C CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sphstigers.org"


    FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010/11/20 19:44:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\Firefox [2011/01/18 06:46:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/18 06:46:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/18 06:46:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/11/10 22:36:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins [2010/11/20 19:47:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/02 20:32:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/11 18:30:40 | 000,000,000 | ---D | M]

    [2010/12/14 01:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2010/10/02 20:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/12/31 12:43:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions
    [2010/10/10 17:06:10 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2010/09/11 21:52:10 | 000,000,000 | ---D | M] (Decreased Productivity) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\{6168C128-1C7B-468D-8DE1-5FF26CB13228}
    [2010/12/19 17:42:16 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
    [2010/10/08 03:31:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/01/13 02:47:36 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\firefox-support@vworldc.com
    [2010/10/28 03:07:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\foxmarks@kei.com
    [2010/09/18 08:27:33 | 000,000,000 | ---D | M] (Omnibar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\06r9e6dp.default\extensions\omnibar@ajitk.com
    [2011/01/13 03:49:07 | 000,000,384 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06r9e6dp.default\searchplugins\cocoon-search.xml
    File not found (No name found) --
    [2010/11/20 19:44:44 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
    [2010/09/11 15:00:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/20 05:02:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/25 07:33:57 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06R9E6DP.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06R9E6DP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06R9E6DP.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06R9E6DP.DEFAULT\EXTENSIONS\{FC2B8F80-D9A5-4F51-8076-7C7CE3C67EE3}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06R9E6DP.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI

    O1 HOSTS File: ([2010/09/11 17:33:26 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [$Volumouse$] C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe (NirSoft)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [bLend] File not found
    O4 - HKCU..\Run: [F.lux] C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKCU..\Run: [fsm] File not found
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch64.exe (NTWind Software)
    O4 - HKCU..\Run: [WizMouse] C:\Program Files (x86)\WizMouse\WizMouse.exe (Antibody Software)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk = C:\Program Files (x86)\ac'tivAid\ac'tivAid.ahk ()
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GumNotes.lnk = C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{6C14E249-9989-44F7-8E14-3E7EB9553465}\_0A1130948F6803DA29D04C.exe ()
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{73ec1205-b791-11df-8f39-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{73ec1205-b791-11df-8f39-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CheckID.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/19 02:34:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
    [2011/01/18 15:59:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/18 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/18 15:58:58 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/18 14:55:54 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/01/13 16:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/01/13 16:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2011/01/09 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
    [2011/01/09 18:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
    [2011/01/06 01:34:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/01/06 01:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/06 01:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/05 05:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\p2vcopy
    [2011/01/05 05:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
    [2011/01/05 05:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
    [2011/01/05 04:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
    [2011/01/03 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Zero G Registry
    [2011/01/02 14:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Power Tab Software
    [2011/01/02 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
    [2011/01/02 12:08:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Structure Templates
    [2011/01/02 12:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Write Brothers, Inc
    [2011/01/01 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Newnovelist 2
    [2011/01/01 16:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/01 16:26:10 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/01/01 16:26:10 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/01/01 16:26:07 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/01/01 16:26:05 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/01/01 16:25:59 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/01/01 16:25:31 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/01/01 16:25:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/01 16:17:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPlot
    [2011/01/01 16:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlot
    [2011/01/01 16:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPlot
    [2011/01/01 15:50:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Character Pro 5
    [2011/01/01 15:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Character Pro 5
    [2011/01/01 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Character Pro 5
    [2011/01/01 15:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StyleWriter
    [2011/01/01 15:11:44 | 000,052,224 | ---- | C] (Kenonic Controls Ltd.) -- C:\Windows\SysWow64\Crypserv.exe
    [2011/01/01 15:11:43 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
    [2011/01/01 15:11:39 | 000,159,744 | ---- | C] (CrypKey) -- C:\Program Files (x86)\SETUPEX.EXE
    [2011/01/01 15:11:39 | 000,053,770 | ---- | C] (Kenonic Controls Ltd.) -- C:\Program Files (x86)\CRYP95e.dll
    [2010/12/31 21:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\newnovelist
    [2010/12/31 21:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creativity Software
    [2010/12/31 21:51:16 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
    [2010/12/31 21:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WriteItNow3
    [2010/12/31 21:45:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
    [2010/12/31 20:41:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\yWriter Projects
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/19 03:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/19 02:40:00 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 02:40:00 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 02:38:33 | 000,782,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/19 02:38:33 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/19 02:38:33 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/18 15:59:02 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/18 15:12:06 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2920555825-720420373-4135315581-1000UA.job
    [2011/01/18 14:56:01 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/18 14:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/01/18 14:51:33 | 000,002,366 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2011/01/13 00:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/13 00:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/01/13 00:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/01/13 00:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/01/13 00:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/01/13 00:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/01/13 00:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/01/13 00:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/01/09 15:37:30 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/01/03 15:38:00 | 000,000,016 | ---- | M] () -- C:\Users\Owner\persistent_state
    [2011/01/01 16:17:04 | 000,001,647 | ---- | M] () -- C:\Users\Owner\Desktop\QuickPlot 1.1.lnk
    [2011/01/01 15:50:17 | 000,001,682 | ---- | M] () -- C:\Users\Owner\Desktop\Character Pro 5.lnk
    [2011/01/01 15:11:59 | 000,006,541 | ---- | M] () -- C:\Program Files (x86)\Uninst.isu
    [2011/01/01 15:11:49 | 000,000,028 | ---- | M] () -- C:\Windows\Crypkey.ini
    [2011/01/01 15:11:49 | 000,000,001 | ---- | M] () -- C:\Program Files (x86)\setupex.xco
    [2011/01/01 15:11:40 | 000,001,056 | ---- | M] () -- C:\Program Files (x86)\SWwin.ini
    [2011/01/01 13:34:33 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\newnovelist.lnk
    [2010/12/30 23:34:12 | 000,018,451 | ---- | M] () -- C:\Users\Owner\Documents\New Years Resolutions 2011.docx
    [2010/12/22 12:26:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/12/22 11:22:59 | 005,268,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/18 15:59:02 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/03 15:38:00 | 000,000,016 | ---- | C] () -- C:\Users\Owner\persistent_state
    [2011/01/01 16:26:12 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/01 16:17:04 | 000,001,647 | ---- | C] () -- C:\Users\Owner\Desktop\QuickPlot 1.1.lnk
    [2011/01/01 15:50:17 | 000,001,682 | ---- | C] () -- C:\Users\Owner\Desktop\Character Pro 5.lnk
    [2011/01/01 15:11:49 | 000,000,028 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2011/01/01 15:11:49 | 000,000,001 | ---- | C] () -- C:\Program Files (x86)\setupex.xco
    [2011/01/01 15:11:44 | 000,024,608 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
    [2011/01/01 15:11:43 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2011/01/01 15:11:43 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2011/01/01 15:11:43 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2011/01/01 15:11:39 | 000,336,528 | ---- | C] () -- C:\Program Files (x86)\SWwin.exe
    [2011/01/01 15:11:39 | 000,266,240 | ---- | C] () -- C:\Program Files (x86)\CKI16H.DLL
    [2011/01/01 15:11:39 | 000,234,138 | ---- | C] () -- C:\Program Files (x86)\CKS.EXE
    [2011/01/01 15:11:39 | 000,221,696 | ---- | C] () -- C:\Program Files (x86)\CKI32h.DLL
    [2011/01/01 15:11:39 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\SWlicense.exe
    [2011/01/01 15:11:39 | 000,001,056 | ---- | C] () -- C:\Program Files (x86)\SWwin.ini
    [2011/01/01 15:11:39 | 000,000,027 | ---- | C] () -- C:\Program Files (x86)\SWhlp32.bat
    [2011/01/01 15:11:31 | 000,006,541 | ---- | C] () -- C:\Program Files (x86)\Uninst.isu
    [2010/12/31 21:51:25 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\newnovelist.lnk
    [2010/12/30 23:34:00 | 000,018,451 | ---- | C] () -- C:\Users\Owner\Documents\New Years Resolutions 2011.docx
    [2010/11/17 16:31:40 | 000,776,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/04 21:17:35 | 000,001,595 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SAS7_000.DAT
    [2010/10/18 17:01:07 | 000,000,086 | ---- | C] () -- C:\Windows\SSB2.ini
    [2010/10/16 13:11:27 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2010/09/14 02:59:57 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2010/09/03 11:37:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/09/03 11:37:13 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/09/03 11:35:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/03 11:35:28 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2010/11/20 14:18:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.anki
    [2011/01/19 03:09:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.purple
    [2010/11/07 10:51:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ac'tivAid
    [2010/10/19 05:19:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
    [2010/12/03 04:00:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
    [2010/12/06 05:00:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\cryptlib
    [2011/01/19 02:34:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2010/09/12 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Elluminate
    [2010/10/02 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GottCode
    [2011/01/12 07:13:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GumNotes
    [2010/09/30 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2011/01/18 06:46:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mediAvatar
    [2011/01/02 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Newnovelist 2
    [2010/12/06 05:20:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NexusFont
    [2010/11/03 01:47:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nuance
    [2010/09/12 11:09:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PMW
    [2010/11/11 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Kawa
    [2010/12/06 04:46:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SGPPLog
    [2010/12/17 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Software Informer
    [2010/09/14 03:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Soluto
    [2010/10/31 14:06:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spacejock Software
    [2010/10/02 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
    [2010/11/15 07:07:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Titanium
    [2011/01/18 06:46:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2010/09/12 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin
    [2010/11/03 00:05:40 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:EEDA5B17
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

    < End of report >

  4. #4
    Junior Member
    Join Date
    Jan 2011
    Posts
    12

    Here's the Extras Report:


    OTL Extras logfile created on: 1/19/2011 3:07:53 AM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.99 Gb Total Space | 136.13 Gb Free Space | 48.97% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 37.09 Gb Free Space | 12.44% Space Free | Partition Type: NTFS
    Drive E: | 52.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 7.46 Gb Total Space | 4.37 Gb Free Space | 58.59% Space Free | Partition Type: FAT32

    Computer Name: HP_M9040N | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{47381488-49C5-414A-B49F-FBCC633AF8E3}" = Soluto
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
    "{62F63009-A408-4E0A-BB7F-EFB6F82ED26B}" = Topaz DeNoise 4 (64-bit)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11}" = Topaz Simplify 3 (64-bit)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A981E64B-0F10-45D9-BD5C-A4DF7B87E218}" = Topaz Detail 2 (64-bit)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D9EA591C-2ED0-4E91-BF5F-A6B4B1CCEFC7}" = Topaz ReMask 2 (64-bit)
    "{DC8F0C18-E6B0-4722-A4AB-D134473091C2}" = Topaz DeJpeg 4 (64-bit)
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
    "{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "CustoPackTools" = CustoPackTools
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}" = Topaz DeNoise 4
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C14E249-9989-44F7-8E14-3E7EB9553465}" = GumNotes
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EB278E8-7FDA-4ED9-A429-C87A76F95087}_is1" = 1AVCapture version 1.8.7.21
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
    "{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B1CAA6B0-9652-4D91-9C44-D542CB9078A1}" = SmartScore X Professional Edition
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
    "{C0EC185F-33F7-4858-B947-672A5FCD7DBD}" = calibre
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EEA080A7-4331-4593-A071-D0862A8178B9}" = ASUS nVidia Driver
    "{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.5.1420)
    "{EFF61AE0-E6A4-4374-B82B-ADA43A794761}" = wunderlist
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ac'tivAid" = ac'tivAid v1.3.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Anki" = Anki
    "AutoHotkey" = AutoHotkey 1.0.47.06
    "avast5" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Character Pro 5" = Character Pro 5
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Digital Editions" = Adobe Digital Editions
    "Everything" = Everything 1.2.1.371
    "ImgBurn" = ImgBurn
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "newnovelist" = newnovelist
    "Picasa 3" = Picasa 3
    "Pidgin" = Pidgin
    "PMW" = PMW
    "PopTag" = PopTag!
    "QuickPlot" = QuickPlot
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "RocketDock_is1" = RocketDock 1.3.5
    "Scrivener for Windows Beta 1" = Scrivener for Windows Beta
    "Software Informer_is1" = Software Informer 1.0 BETA
    "Sogou Input" = 搜狗拼音输入法 5.1正式版
    "StyleWriter" = StyleWriter
    "USB Lost and Found_is1" = USB Lost and Found Version 1.9
    "uTorrent" = µTorrent
    "Veoh Web Player Beta" = Veoh Web Player
    "Videora iPod touch Converter" = Videora iPod touch Converter 6
    "VirtuaWin_is1" = VirtuaWin v4.3
    "VistaSwitcher" = VistaSwitcher
    "VLC media player" = VLC media player 1.1.4
    "Volumouse" = NirSoft Volumouse
    "WizMouse_is1" = WizMouse v1.0.0.7
    "WriteItNow3" = WriteItNow3
    "yWriter5_is1" = yWriter5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Flux" = F.lux
    "Google Chrome" = Google Chrome
    "mediAvatar YouTube to MP3 Converter" = mediAvatar YouTube to MP3 Converter

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    When you ran Malwarebytes you had it set to TAKE NO ACTION; you need to run it again and select FIX CHECKED.

    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.


    C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe <--This file


    If the site is busy you can try this one
    http://virusscan.jotti.org/en
    Last edited by ken545; 2011-01-19 at 14:20.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Junior Member
    Join Date
    Jan 2011
    Posts
    12

    When I try to access the folder, it says 'Access Denied'. It might be because I'm in Safe Mode though. I'll try to get on to the normal computer later on, but I do know what the program is (It dims my computer into a yellowish tint (http://lifehacker.com/5158832/flux-c...by-time-of-day)), and I've used it for a while, so it should be okay.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    OK, but if you can upload that file it would be great.

    Don't forget to rerun Malwarebytes

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  8. #8
    Junior Member
    Join Date
    Jan 2011
    Posts
    12

    File name: flux.exe
    Submission date: 2011-01-19 15:21:07 (UTC)
    Current status: finished
    Result: 0/ 43 (0.0%)


    Antivirus Version Last Update Result
    AhnLab-V3 2011.01.18.00 2011.01.17 -
    AntiVir 7.11.1.179 2011.01.19 -
    Antiy-AVL 2.0.3.7 2011.01.18 -
    Avast 4.8.1351.0 2011.01.19 -
    Avast5 5.0.677.0 2011.01.19 -
    AVG 10.0.0.1190 2011.01.19 -
    BitDefender 7.2 2011.01.19 -
    CAT-QuickHeal 11.00 2011.01.19 -
    ClamAV 0.96.4.0 2011.01.19 -
    Commtouch 5.2.11.5 2011.01.19 -
    Comodo 7442 2011.01.19 -
    DrWeb 5.0.2.03300 2011.01.19 -
    Emsisoft 5.1.0.1 2011.01.19 -
    eSafe 7.0.17.0 2011.01.18 -
    eTrust-Vet 36.1.8108 2011.01.19 -
    F-Prot 4.6.2.117 2011.01.18 -
    F-Secure 9.0.16160.0 2011.01.19 -
    Fortinet 4.2.254.0 2011.01.16 -
    GData 21 2011.01.19 -
    Ikarus T3.1.1.97.0 2011.01.19 -
    Jiangmin 13.0.900 2011.01.19 -
    K7AntiVirus 9.77.3570 2011.01.18 -
    Kaspersky 7.0.0.125 2011.01.19 -
    McAfee 5.400.0.1158 2011.01.19 -
    McAfee-GW-Edition 2010.1C 2011.01.19 -
    Microsoft 1.6402 2011.01.19 -
    NOD32 5800 2011.01.19 -
    Norman 6.06.12 2011.01.19 -
    nProtect 2011-01-18.01 2011.01.18 -
    Panda 10.0.2.7 2011.01.19 -
    PCTools 7.0.3.5 2011.01.19 -
    Prevx 3.0 2011.01.19 -
    Rising 22.83.02.00 2011.01.19 -
    Sophos 4.61.0 2011.01.19 -
    SUPERAntiSpyware 4.40.0.1006 2011.01.19 -
    Symantec 20101.3.0.103 2011.01.19 -
    TheHacker 6.7.0.1.116 2011.01.18 -
    TrendMicro 9.120.0.1004 2011.01.19 -
    TrendMicro-HouseCall 9.120.0.1004 2011.01.19 -
    VBA32 3.12.14.2 2011.01.18 -
    VIPRE 8125 2011.01.19 -
    ViRobot 2011.1.19.4263 2011.01.19 -
    VirusBuster 13.6.153.0 2011.01.19 -

    MD5 : a1f86a5a0da1bec12b7dd19c6234bb15
    SHA1 : 0761f9e56677af208c1a1d9efe3694062d89a870
    SHA256: dbbacf4a78355261e652fc6612f007278d96907d8d2f9fc5c06fc58667c52202

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    That file is ok, not to worry

    Waiting on the new Malwarebytes scan and the report from ESET

  10. #10
    Junior Member
    Join Date
    Jan 2011
    Posts
    12

    Hello! This is the Malwarebytes Scan:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5550

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    1/19/2011 3:30:51 PM
    mbam-log-2011-01-19 (15-30-51).txt

    Scan type: Quick scan
    Objects scanned: 160431
    Time elapsed: 2 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -------

    This is the ESET Log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=e2030422df075f4abe43209b3f12c250
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-20 12:50:16
    # local_time=2011-01-19 04:50:16 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=768 16777215 100 0 1469637 1469637 0 0
    # compatibility_mode=1024 16777215 100 0 7108258 7108258 0 0
    # compatibility_mode=1280 16777215 100 0 9943306 9943306 0 0
    # compatibility_mode=5893 16776573 100 94 0 47023812 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=267014
    # found=1
    # cleaned=1
    # scan_time=4255
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\fltlib.dll probably a variant of Win32/Agent.XCUNKF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
