PDA

View Full Version : Browser Redirect



Riverback
2010-11-23, 02:01
Hi,

I keep getting Google Redirects for a while (around 2 weeks from now?) and I can't seem to get rid of it. Running Malwarebytes and Avira scans don't detect anything. It seems to be completely random as it doesn't always affect my searches and just redirects google links on random occasions.
I know I'm not a Spybot user, but this place has helped me before and I trust it completely.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Ninoy at 10:51:39.42 on Tue 23/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.1014.161 [GMT 11:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Users\Ninoy\Desktop\Utilities\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\ninoy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ninoy\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ninoy\appdata\roaming\mozilla\firefox\profiles\1gjj0xsn.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\ninoy\appdata\roaming\mozilla\firefox\profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}\components\FFExternalAlert.dll
FF - component: c:\users\ninoy\appdata\roaming\mozilla\firefox\profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}\components\RadioWMPCore.dll
FF - component: c:\users\ninoy\appdata\roaming\mozilla\firefox\profiles\1gjj0xsn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\ninoy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-2 61960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2010-11-22 05:16:15 -------- d-----w- c:\users\ninoy\appdata\local\Microsoft Games
2010-11-20 22:38:23 -------- d-----w- c:\users\ninoy\appdata\roaming\Avira
2010-11-20 22:32:32 -------- d-----w- c:\program files\Avira
2010-11-20 22:32:32 -------- d-----w- c:\progra~2\Avira
2010-11-17 20:19:38 105984 --sha-r- c:\windows\system32\consentd.dll
2010-11-11 12:26:44 -------- d-----w- c:\program files\MSECache
2010-11-09 12:03:41 -------- d-----w- c:\windows\pss
2010-11-07 11:24:40 -------- d-----w- c:\users\ninoy\appdata\roaming\.minecraft
2010-11-07 03:05:30 -------- d-----w- c:\users\ninoy\appdata\roaming\Malwarebytes
2010-11-07 03:05:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 03:04:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 03:04:59 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-07 03:04:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 04:08:34 -------- d-----w- c:\users\ninoy\appdata\roaming\SharePod
2010-10-29 15:37:05 6146896 begin_of_the_skype_highlighting**************05 6146896******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************05 6146896******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************05 6146896******end_of_the_skype_highlighting ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d28b7ba2-0e87-48b8-b4df-1ee91b67cad6}\mpengine.dll
2010-10-29 10:27:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-29 10:27:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-29 10:26:57 -------- d-----w- c:\program files\iPod
2010-10-29 10:26:52 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-29 10:26:51 -------- d-----w- c:\program files\iTunes
2010-10-29 10:22:06 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-10-19 00:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:09:40 1409 ----a-w- c:\windows\system32\tmpFEC68.FOT
2010-10-13 13:09:40 1409 ----a-w- c:\windows\system32\tmpC4D68.FOT
2010-10-07 07:57:04 59 ----a-w- c:\windows\wpd99.drv
2010-10-07 07:49:54 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-10-07 07:49:54 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-09-13 07:03:52 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-09-13 07:03:52 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 06:10:11 138056 ----a-w- c:\users\ninoy\appdata\roaming\PnkBstrK.sys
2010-09-08 00:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 10:52:59.01 ===============

ken545
2010-11-28, 14:10
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



You have Malwarebytes installed, open the program, check for updates and run the Quick Scan, remove what it finds and post the log please.




OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Riverback
2010-12-02, 02:40
Sorry for the late reply.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/12/2010 11:39:53 AM
mbam-log-2010-12-02 (11-39-53).txt

Scan type: Quick scan
Objects scanned: 135220
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Riverback
2010-12-02, 02:53
OTL logfile created on: 2/12/2010 11:41:15 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ninoy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 23.77 Gb Free Space | 46.48% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 24.17 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
Drive F: | 968.00 Mb Total Space | 5.98 Mb Free Space | 0.62% Space Free | Partition Type: FAT32

Computer Name: NINOY-LAPTOP | User Name: Ninoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ninoy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\niSvcLoc.exe (National Instruments)


========== Modules (SafeList) ==========

MOD - C:\Users\Ninoy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (niSvcLoc) -- C:\Windows\System32\niSvcLoc.exe (National Instruments)
SRV - (NILM License manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Ninoy\AppData\Local\Temp\QTV9C21.tmp File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA E2 FC 5D F5 1B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {1aeaf837-aa42-46ba-9c44-7afc7678bb55}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 21:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 21:25:24 | 000,000,000 | ---D | M]

[2010/03/02 11:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Extensions
[2010/12/02 10:25:10 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions
[2010/06/28 19:51:39 | 000,000,000 | ---D | M] (LockerzAlerts Toolbar) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/19 09:19:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/07/11 02:54:23 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/01 22:18:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/25 10:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 05:22:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/25 10:25:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/23 10:36:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/23 10:36:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/23 10:36:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/23 10:36:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/25 09:36:24 | 000,426,015 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14673 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\Windows\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Ninoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7b948fd8-3bc2-11df-8e19-001b3854f775}\Shell - "" = AutoRun
O33 - MountPoints2\{7b948fd8-3bc2-11df-8e19-001b3854f775}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcac7d41-99c5-11df-83cd-001b3854f775}\Shell - "" = AutoRun
O33 - MountPoints2\{bcac7d41-99c5-11df-83cd-001b3854f775}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 11:07:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ninoy\Desktop\OTL.exe
[2010/11/28 18:21:46 | 000,000,000 | ---D | C] -- C:\ST2TEMP
[2010/11/25 09:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/25 09:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/23 10:46:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/22 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Local\Microsoft Games
[2010/11/21 09:38:23 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\Avira
[2010/11/21 09:32:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/21 09:32:33 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/21 09:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/21 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/20 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\Desktop\backups
[2010/11/19 11:30:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ninoy\Desktop\HijackThis.exe
[2010/11/13 13:19:42 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\Documents\agl receipt 13.11.10_files
[2010/11/11 23:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/11/09 23:03:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/07 22:24:40 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\.minecraft
[2010/11/07 14:05:30 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\Malwarebytes
[2010/11/07 14:05:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/07 14:04:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/07 14:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/07 14:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 15:08:34 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\SharePod
[2010/03/02 11:50:56 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2010/03/02 11:50:55 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010/03/02 11:50:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/12/02 11:07:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ninoy\Desktop\OTL.exe
[2010/12/02 11:06:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 11:06:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 11:02:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001UA.job
[2010/12/02 10:21:36 | 000,628,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/02 10:21:36 | 000,111,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/02 10:14:12 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\pyjvjmpw.job
[2010/12/02 10:14:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 10:14:03 | 797,446,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 08:02:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001Core.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/25 09:36:24 | 000,426,015 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/25 09:22:39 | 000,001,220 | ---- | M] () -- C:\Users\Ninoy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/23 11:04:17 | 277,192,505 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/23 10:06:32 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/21 09:32:42 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/19 23:56:03 | 000,000,000 | ---- | M] () -- C:\Users\Ninoy\defogger_reenable
[2010/11/19 23:15:33 | 000,001,226 | ---- | M] () -- C:\Users\Ninoy\Desktop\Revo Uninstaller.lnk
[2010/11/19 11:31:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ninoy\Desktop\HijackThis.exe
[2010/11/18 07:19:38 | 000,105,984 | RHS- | M] () -- C:\Windows\System32\consentd.dll
[2010/11/13 13:19:44 | 000,014,110 | ---- | M] () -- C:\Users\Ninoy\Documents\agl receipt 13.11.10.htm
[2010/11/10 20:41:12 | 000,000,854 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204110.reg
[2010/11/10 20:41:00 | 000,002,856 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204058.reg
[2010/11/10 20:40:49 | 000,016,270 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204046.reg
[2010/11/10 20:40:26 | 000,170,624 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204012.reg
[2010/11/10 20:39:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/07 14:05:09 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 20:03:57 | 000,002,405 | ---- | M] () -- C:\Users\Ninoy\Desktop\Google Chrome.lnk
[2010/11/03 15:31:20 | 000,000,000 | -H-- | M] () -- C:\Users\Ninoy\Desktop\SharePodSettings.xml

========== Files Created - No Company Name ==========

[2010/11/25 09:22:39 | 000,001,220 | ---- | C] () -- C:\Users\Ninoy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/21 09:32:42 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/20 00:26:19 | 277,192,505 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/19 23:56:03 | 000,000,000 | ---- | C] () -- C:\Users\Ninoy\defogger_reenable
[2010/11/18 07:19:38 | 000,105,984 | RHS- | C] () -- C:\Windows\System32\consentd.dll
[2010/11/18 07:19:38 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\pyjvjmpw.job
[2010/11/13 13:19:42 | 000,014,110 | ---- | C] () -- C:\Users\Ninoy\Documents\agl receipt 13.11.10.htm
[2010/11/10 20:41:11 | 000,000,854 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204110.reg
[2010/11/10 20:40:59 | 000,002,856 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204058.reg
[2010/11/10 20:40:48 | 000,016,270 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204046.reg
[2010/11/10 20:40:18 | 000,170,624 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204012.reg
[2010/11/10 20:39:29 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/07 14:05:09 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 15:31:20 | 000,000,000 | -H-- | C] () -- C:\Users\Ninoy\Desktop\SharePodSettings.xml
[2010/10/07 18:49:55 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/10/07 18:49:54 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2010/09/13 17:10:11 | 000,138,056 | ---- | C] () -- C:\Users\Ninoy\AppData\Roaming\PnkBstrK.sys
[2010/07/18 14:36:19 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/06/16 00:34:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/14 05:31:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/28 11:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/05 22:20:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/02 20:38:46 | 000,000,918 | ---- | C] () -- C:\Users\Ninoy\AppData\Roaming\coreavc.ini
[2010/04/28 12:03:32 | 000,103,936 | ---- | C] () -- C:\Users\Ninoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 22:01:40 | 000,430,080 | ---- | C] () -- C:\Windows\System32\wmpheadphones.dll
[2010/03/25 23:16:03 | 000,000,017 | ---- | C] () -- C:\Users\Ninoy\AppData\Local\resmon.resmoncfg
[2010/03/02 11:51:35 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010/03/02 11:51:35 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010/03/02 11:51:34 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010/03/02 11:51:34 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2010/03/02 11:50:55 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010/03/02 11:50:55 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2002/10/07 11:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

========== LOP Check ==========

[2010/11/07 22:44:31 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\.minecraft
[2010/08/13 22:27:04 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\albumart
[2010/09/04 23:41:48 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Canon
[2010/04/29 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\COWON
[2010/06/08 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\dBpoweramp
[2010/11/25 20:54:11 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\foobar2000
[2010/11/19 07:38:01 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\FrostWire
[2010/05/04 19:34:48 | 000,000,000 | -H-D | M] -- C:\Users\Ninoy\AppData\Roaming\ijjigame
[2010/06/09 11:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\iLove User Data
[2010/04/29 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Mp3tag
[2010/10/07 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\pdf995
[2010/05/21 18:49:59 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Publish Providers
[2010/04/08 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Red Kawa
[2010/11/03 15:08:34 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\SharePod
[2010/05/21 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Sony
[2010/09/25 21:10:44 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\SystemRequirementsLab
[2010/12/01 22:32:17 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\TeraCopy
[2010/12/02 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\uTorrent
[2010/07/16 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\W
[2010/07/16 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\wargaming.net
[2010/12/02 10:14:12 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\pyjvjmpw.job
[2010/11/23 11:04:21 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

----------------------------------------

OTL Extras logfile created on: 2/12/2010 11:41:15 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ninoy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 23.77 Gb Free Space | 46.48% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 24.17 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
Drive F: | 968.00 Mb Total Space | 5.98 Mb Free Space | 0.62% Space Free | Partition Type: FAT32

Computer Name: NINOY-LAPTOP | User Name: Ninoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.3.1.42_Foxconn Installation Program
"{2C585265-527B-4D76-B9B4-2F037C33C40C}" = NI LabVIEW 7.0 Student Edition
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B3A53AC-E2E0-4516-B974-1F0DF20CD12E}" = NI LabVIEW Advanced Analysis 7.0
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEC2867-0BF7-4A87-B459-003E3F20AFB1}" = NI Uninstaller 1.1.1f1
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.2.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735AF21E-5436-4780-88F7-B5508F043A40}" = NI LVBrokerAux70
"{73D3BADE-EC2F-4A5C-8F80-CB68AB704FF3}" = NI LabVIEW Run-Time Engine 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ABE69F4-DC12-48E5-973E-02D4A2F36AA6}" = NI LabVIEW CIN Tools 7.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.150.22.0_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91FCD191-93A1-40C9-8852-F50B63BF6C67}" = COWON D2+ User's Guide
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.02.10
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE77B453-7253-47D6-AD21-9FC10DD44D67}" = NI LabVIEW Picture Control Toolkit 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6F38FDB-4BEB-4062-BE2F-2179F1A9B38F}" = NI LabVIEW Full 7.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7BAFF4D-D4B0-4508-A370-743D49EFC28F}" = NI LVBroker
"{EC60B018-251A-47E7-A838-CECB70AE46EF}" = NI LabVIEW Service Locator 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FD950A83-5FA5-47F2-B0B1-296023420CB1}" = NI Instrument IO Assistant for LabVIEW 7.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4Front Headphones Plugin 1.0c_is1" = 4Front Headphones Plugin 1.0c
"7-Zip" = 7-Zip 4.65
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Cover Art Downloader" = Album Cover Art Downloader 1.6.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BCM70010" = Broadcom High Definition Video Decoder 2.6.0.5
"BlueJ_is1" = BlueJ 2.5.3
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Counter Strike Xtreme V4" = Counter Strike Xtreme V4
"Counter-Strike Xtreme V4 Patch" = Counter-Strike Xtreme V4 Patch
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"DMX5_is1" = DriverMax 5
"foobar2000" = foobar2000 v1.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Standard)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.46a
"NI Uninstaller" = National Instruments Software
"NVIDIA Drivers" = NVIDIA Drivers
"Orcad Family Release 9.2 Lite Edition" = Orcad Family Release 9.2 Lite Edition
"Pdf995" = Pdf995
"ProInst" = Intel(R) PROSet/Wireless Software
"PSP Video 9" = PSP Video 9 5.04
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Revo Uninstaller" = Revo Uninstaller 1.90
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TeraCopy_is1" = TeraCopy 2.12
"TVWiz" = Intel(R) TV Wizard
"Videora iPod nano Converter" = Videora iPod nano Converter 5.04
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PLATE submission launcher" = PLATE submission launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/11/2010 9:32:32 AM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/11/2010 9:32:32 AM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/11/2010 9:33:44 AM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/11/2010 9:34:25 AM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 26/11/2010 5:39:03 PM | Computer Name = Ninoy-Laptop | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 6.0.210.7 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: dac Start Time:
01cb8da6c03aa1df Termination Time: 0 Application Path: C:\Program Files\Java\jre6\bin\javaw.exe

Report
Id:

Error - 27/11/2010 6:39:46 AM | Computer Name = Ninoy-Laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3951 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b68 Start
Time: 01cb8e0e20e59ca6 Termination Time: 251 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id:

Error - 28/11/2010 7:50:04 PM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/11/2010 7:50:04 PM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/11/2010 7:51:13 PM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/11/2010 7:51:53 PM | Computer Name = Ninoy-Laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 28/11/2010 9:55:33 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 28/11/2010 11:17:05 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 29/11/2010 4:30:18 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 29/11/2010 6:07:22 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 29/11/2010 8:13:55 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 29/11/2010 11:03:29 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 30/11/2010 3:44:10 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 1/12/2010 1:17:29 AM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 1/12/2010 1:49:50 AM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 1/12/2010 7:14:47 PM | Computer Name = Ninoy-Laptop | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058


< End of report >

ken545
2010-12-02, 11:35
Hi,

I am looking at a few questionable files on your system. Lets run this scan and check for a Rootkit, be sure to enlarge the picture and tick and untick the modules as shown.

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

Riverback
2010-12-02, 13:15
Honestly, the last few times I did a rootkit scan I ended up getting BSOD'd
I got a successful one this time around though :D

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-02 22:11:11
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
Running: gmer.exe; Driver: C:\Users\Ninoy\AppData\Local\Temp\fgldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8306C8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8308C3B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.'\OpenWithProgids@\37'_auto_file

---- EOF - GMER 1.0.15 ----

ken545
2010-12-02, 13:56
No Rootkit. This program should run on Win 7, just not the 64bit version .

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Riverback
2010-12-02, 22:52
Here we go:

ComboFix 10-12-02.01 - Ninoy 03/12/2010 7:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.1014.257 [GMT 11:00]
Running from: c:\users\Ninoy\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk

.
((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-02 20:35 . 2010-12-02 20:36 -------- d-----w- c:\users\Ninoy\AppData\Local\temp
2010-12-02 20:35 . 2010-12-02 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-22 05:16 . 2010-11-22 05:16 -------- d-----w- c:\users\Ninoy\AppData\Local\Microsoft Games
2010-11-20 22:38 . 2010-11-20 22:38 -------- d-----w- c:\users\Ninoy\AppData\Roaming\Avira
2010-11-20 22:32 . 2010-08-02 05:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-20 22:32 . 2010-11-20 22:32 -------- d-----w- c:\programdata\Avira
2010-11-20 22:32 . 2010-11-20 22:32 -------- d-----w- c:\program files\Avira
2010-11-17 20:19 . 2010-11-17 20:19 105984 --sha-r- c:\windows\system32\consentd.dll
2010-11-11 12:26 . 2010-11-11 12:26 -------- d-----w- c:\program files\MSECache
2010-11-07 11:24 . 2010-11-07 11:44 -------- d-----w- c:\users\Ninoy\AppData\Roaming\.minecraft
2010-11-07 03:05 . 2010-11-07 03:05 -------- d-----w- c:\users\Ninoy\AppData\Roaming\Malwarebytes
2010-11-07 03:05 . 2010-11-29 06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 03:04 . 2010-11-29 06:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 03:04 . 2010-11-07 03:04 -------- d-----w- c:\programdata\Malwarebytes
2010-11-07 03:04 . 2010-12-02 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 04:08 . 2010-11-03 04:08 -------- d-----w- c:\users\Ninoy\AppData\Roaming\SharePod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 23:06 . 2010-03-02 00:20 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 00:41 . 2010-03-02 00:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:09 . 2010-10-13 13:09 1409 ----a-w- c:\windows\system32\tmpFEC68.FOT
2010-10-13 13:09 . 2010-10-13 13:09 1409 ----a-w- c:\windows\system32\tmpC4D68.FOT
2010-10-07 23:21 . 2010-10-29 15:37 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D28B7BA2-0E87-48B8-B4DF-1EE91B67CAD6}\mpengine.dll
2010-10-07 07:49 . 2010-10-07 07:49 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-10-07 07:49 . 2010-10-07 07:49 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-09-13 07:03 . 2010-09-13 06:49 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-09-13 07:03 . 2010-09-13 06:09 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 06:10 . 2010-09-13 06:10 138056 ----a-w- c:\users\Ninoy\AppData\Roaming\PnkBstrK.sys
2010-09-08 00:17 . 2010-09-08 00:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17 . 2010-09-08 00:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2003-04-30 23:36 . 2003-04-30 23:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\users\Ninoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2010-4-6 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Ninoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Ninoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ninoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ninoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 06:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2010-03-01 04:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-08 04:51 136176 ----atw- c:\users\Ninoy\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 15:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 00:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 07:08 16342528 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 GarenaPEngine;GarenaPEngine;c:\users\Ninoy\AppData\Local\Temp\QTV9C21.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-20 3641832]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]

.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001Core.job
- c:\users\Ninoy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08 04:51]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001UA.job
- c:\users\Ninoy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08 04:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}\components\FFExternalAlert.dll
FF - component: c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}\components\RadioWMPCore.dll
FF - component: c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Ninoy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Extension: LockerzAlerts Toolbar: {1aeaf837-aa42-46ba-9c44-7afc7678bb55} - c:\users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-{8FB91814-FE42-4B62-9B54-4B677A420715}_is1 - c:\rockstar games\GTA San Andreas\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Ninoy\AppData\Local\Temp\QTV9C21.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-03 07:38:45
ComboFix-quarantined-files.txt 2010-12-02 20:38

Pre-Run: 24,459,358,208 bytes free
Post-Run: 24,454,074,368 bytes free

- - End Of File - - 1089DFE74C333C6C9AD428EE41EF29C8

ken545
2010-12-03, 01:11
Hi,

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe







Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..network.proxy.http_port: 50370

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Riverback
2010-12-03, 08:47
I didnt know if you wanted me to run a 2nd OTL scan after the fix but here are the logs.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Prefs.js: 50370 removed from network.proxy.http_port
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ninoy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1942934 bytes
->Java cache emptied: 40655818 bytes
->FireFox cache emptied: 77509218 bytes
->Google Chrome cache emptied: 270442395 bytes
->Flash cache emptied: 29779 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 372.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12032010_173234

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 3/12/2010 5:39:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ninoy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 22.98 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 24.17 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
Drive F: | 968.00 Mb Total Space | 5.98 Mb Free Space | 0.62% Space Free | Partition Type: FAT32

Computer Name: NINOY-LAPTOP | User Name: Ninoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ninoy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\niSvcLoc.exe (National Instruments)


========== Modules (SafeList) ==========

MOD - C:\Users\Ninoy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (niSvcLoc) -- C:\Windows\System32\niSvcLoc.exe (National Instruments)
SRV - (NILM License manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Ninoy\AppData\Local\Temp\QTV9C21.tmp File not found
DRV - (catchme) -- C:\Users\Ninoy\AppData\Local\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA E2 FC 5D F5 1B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {1aeaf837-aa42-46ba-9c44-7afc7678bb55}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 21:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 21:25:24 | 000,000,000 | ---D | M]

[2010/03/02 11:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Extensions
[2010/12/02 10:25:10 | 000,000,000 | ---D | M] -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions
[2010/06/28 19:51:39 | 000,000,000 | ---D | M] (LockerzAlerts Toolbar) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/19 09:19:32 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/07/11 02:54:23 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/04 18:31:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/01 22:18:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ninoy\AppData\Roaming\Mozilla\Firefox\Profiles\1gjj0xsn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/25 10:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 05:22:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/25 10:25:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/23 10:36:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/23 10:36:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/23 10:36:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/23 10:36:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/03 17:33:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AlcWzrd] C:\Windows\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Ninoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 17:32:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/03 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\Desktop\ERUNT
[2010/12/03 07:38:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/03 07:38:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/03 07:38:48 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Local\temp
[2010/12/03 07:26:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/03 07:26:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/03 07:26:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/03 07:25:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/03 07:25:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/03 07:25:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/02 11:07:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ninoy\Desktop\OTL.exe
[2010/11/28 18:21:46 | 000,000,000 | ---D | C] -- C:\ST2TEMP
[2010/11/25 09:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/25 09:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/23 10:46:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/22 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Local\Microsoft Games
[2010/11/21 09:38:23 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\Avira
[2010/11/21 09:32:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/21 09:32:33 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/21 09:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/21 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/20 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\Desktop\backups
[2010/11/19 11:30:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ninoy\Desktop\HijackThis.exe
[2010/11/13 13:19:42 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\Documents\agl receipt 13.11.10_files
[2010/11/11 23:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/11/09 23:03:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/07 22:24:40 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\.minecraft
[2010/11/07 14:05:30 | 000,000,000 | ---D | C] -- C:\Users\Ninoy\AppData\Roaming\Malwarebytes
[2010/11/07 14:05:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/07 14:04:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/07 14:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/07 14:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 11:50:56 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2010/03/02 11:50:55 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010/03/02 11:50:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/12/03 17:42:36 | 000,628,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/03 17:42:36 | 000,111,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/03 17:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/03 17:35:05 | 797,446,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/03 17:33:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/03 17:29:28 | 000,513,320 | ---- | M] () -- C:\Users\Ninoy\Desktop\erunt.zip
[2010/12/03 17:13:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 17:13:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 09:02:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001UA.job
[2010/12/03 08:02:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2221091872-1666174094-3519672525-1001Core.job
[2010/12/03 07:25:08 | 003,983,777 | R--- | M] () -- C:\Users\Ninoy\Desktop\ComboFix.exe
[2010/12/02 21:47:35 | 000,288,107 | ---- | M] () -- C:\Users\Ninoy\Desktop\gmer.zip
[2010/12/02 11:07:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ninoy\Desktop\OTL.exe
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/25 09:22:39 | 000,001,220 | ---- | M] () -- C:\Users\Ninoy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/23 11:04:17 | 277,192,505 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/23 10:06:32 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/21 09:32:42 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/19 23:56:03 | 000,000,000 | ---- | M] () -- C:\Users\Ninoy\defogger_reenable
[2010/11/19 23:15:33 | 000,001,226 | ---- | M] () -- C:\Users\Ninoy\Desktop\Revo Uninstaller.lnk
[2010/11/19 11:31:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ninoy\Desktop\HijackThis.exe
[2010/11/18 07:19:38 | 000,105,984 | RHS- | M] () -- C:\Windows\System32\consentd.dll
[2010/11/13 13:19:44 | 000,014,110 | ---- | M] () -- C:\Users\Ninoy\Documents\agl receipt 13.11.10.htm
[2010/11/10 20:41:12 | 000,000,854 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204110.reg
[2010/11/10 20:41:00 | 000,002,856 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204058.reg
[2010/11/10 20:40:49 | 000,016,270 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204046.reg
[2010/11/10 20:40:26 | 000,170,624 | ---- | M] () -- C:\Users\Ninoy\Documents\cc_20101110_204012.reg
[2010/11/10 20:39:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Ninoy\Desktop\gmer.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 14:05:09 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 20:03:57 | 000,002,405 | ---- | M] () -- C:\Users\Ninoy\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/12/03 17:29:22 | 000,513,320 | ---- | C] () -- C:\Users\Ninoy\Desktop\erunt.zip
[2010/12/03 07:26:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/03 07:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/03 07:26:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/03 07:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/03 07:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/03 07:24:28 | 003,983,777 | R--- | C] () -- C:\Users\Ninoy\Desktop\ComboFix.exe
[2010/12/02 21:47:30 | 000,288,107 | ---- | C] () -- C:\Users\Ninoy\Desktop\gmer.zip
[2010/11/25 09:22:39 | 000,001,220 | ---- | C] () -- C:\Users\Ninoy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/21 09:32:42 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/20 00:26:19 | 277,192,505 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/19 23:56:03 | 000,000,000 | ---- | C] () -- C:\Users\Ninoy\defogger_reenable
[2010/11/18 07:19:38 | 000,105,984 | RHS- | C] () -- C:\Windows\System32\consentd.dll
[2010/11/13 13:19:42 | 000,014,110 | ---- | C] () -- C:\Users\Ninoy\Documents\agl receipt 13.11.10.htm
[2010/11/10 20:41:11 | 000,000,854 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204110.reg
[2010/11/10 20:40:59 | 000,002,856 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204058.reg
[2010/11/10 20:40:48 | 000,016,270 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204046.reg
[2010/11/10 20:40:18 | 000,170,624 | ---- | C] () -- C:\Users\Ninoy\Documents\cc_20101110_204012.reg
[2010/11/10 20:39:29 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Users\Ninoy\Desktop\gmer.exe
[2010/11/07 14:05:09 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/07 18:49:55 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/10/07 18:49:54 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2010/09/13 17:10:11 | 000,138,056 | ---- | C] () -- C:\Users\Ninoy\AppData\Roaming\PnkBstrK.sys
[2010/07/18 14:36:19 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/06/16 00:34:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/14 05:31:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/28 11:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/05 22:20:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/02 20:38:46 | 000,000,918 | ---- | C] () -- C:\Users\Ninoy\AppData\Roaming\coreavc.ini
[2010/04/28 12:03:32 | 000,103,936 | ---- | C] () -- C:\Users\Ninoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 22:01:40 | 000,430,080 | ---- | C] () -- C:\Windows\System32\wmpheadphones.dll
[2010/03/25 23:16:03 | 000,000,017 | ---- | C] () -- C:\Users\Ninoy\AppData\Local\resmon.resmoncfg
[2010/03/02 11:51:35 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010/03/02 11:51:35 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010/03/02 11:51:34 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010/03/02 11:51:34 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2010/03/02 11:50:55 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010/03/02 11:50:55 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2002/10/07 11:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Thanks for the help so far :D

ken545
2010-12-03, 11:58
Hi,

Are you still being redirected ?

C:\32788R22FWJFW <--Delete this folder

Riverback
2010-12-03, 16:11
I just tried spamming random searches into Google and so far no redirect.

Thanks for the help. I'll post again if the little bastard pops up again :D:thanks:

ken545
2010-12-03, 16:41
Lets make sure we got it all


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Riverback
2010-12-04, 05:14
The scan didnt find anything :X

ken545
2010-12-04, 13:28
Great :bigthumb:

Open OTL and click on the Cleanup Tab and it will remove most of the tools we used to clean your system along with there backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Safe Surfn
Ken

ken545
2010-12-08, 14:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.