Thread: Infected by trojan.

  1. #1
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Infected by trojan.

    I was using the internet and suddenly I disconnected from the internet, the screen went white and froze. I rebooted and this popped up...

    'There was a problem starting C:\Users\James\AppData\Local\Temp\0.768814013133.exe
    The specified model could not be found.'

    and then this popped up...

    'OpenOffice.org3.3. Either another instance of openoffice.org is opening your personal settings or your personal settings are located.
    Simultaneous access can lead to inconsistencies in your personal settings. Before continuing, you should ensure user ''closes open office.org host''
    Do you really want to continue?'

    Here's my logfile...

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Paul at 14:03:06 on 2011-12-09
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3959.1924 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\java.exe
    C:\Users\James\Documents\Texter\texter.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uInternet Settings,ProxyOverride = 127.0.0.1
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll
    BHO: Updater For FaceSmooch Toolbar: {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [AdobeBridge]
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [SansaDispatch] C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MP3ROC~1.LNK - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe
    StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Texter.lnk - C:\Program Files (x86)\Texter\texter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OnlyWire.LNK - C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\044525555475946494 : DhcpNameServer = 10.42.254.10 10.42.254.26
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\2456C6B696E6F5E4F5144435C4F5343313736433 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\35B4952353435333 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\3747164796F6E6F547F677562723 : DhcpNameServer = 50.23.239.24 208.67.222.222
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\64C6F6F62753D224 : DhcpNameServer = 10.0.1.1 203.144.207.49
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\75C414E4E45445 : DhcpNameServer = 172.16.0.1
    TCP: Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}\E6F64747F577966696 : DhcpNameServer = 50.23.239.24 208.67.222.222
    TCP: Interfaces\{5FBA79C8-743B-45CB-B3F6-4EC3856F55EA} : NameServer = 8.8.8.8,208.67.220.220
    TCP: Interfaces\{5FBA79C8-743B-45CB-B3F6-4EC3856F55EA} : DhcpNameServer = 192.168.2.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll
    BHO-X64: FaceSmooch Toolbar - No File
    BHO-X64: Updater For FaceSmooch Toolbar: {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll
    BHO-X64: Updater For FaceSmooch Toolbar - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: FaceSmooch Toolbar: {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-29 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-1 2253688]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-09 12:28:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE93D026-FF32-4BCF-8170-7EB83A8ED13E}\offreg.dll
    2011-12-08 19:45:10 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE93D026-FF32-4BCF-8170-7EB83A8ED13E}\mpengine.dll
    2011-12-06 19:25:59 -------- d-----w- C:\Users\Paul\AppData\Local\{E3B6484C-CC8D-456B-AB9C-0E89D4A6E3B6}
    2011-12-06 19:25:47 -------- d-----w- C:\Users\Paul\AppData\Local\{7FD2D6D9-9EF2-4759-9A5C-C942209B8236}
    2011-11-29 14:12:50 -------- d-----w- C:\Users\Paul\AppData\Local\{3E43F9C9-58FB-4810-A1F5-E0D81AD74A10}
    2011-11-29 14:12:39 -------- d-----w- C:\Users\Paul\AppData\Local\{F11BD7AC-FA3C-4B76-A58C-EE0A4119DE80}
    2011-11-27 11:37:13 -------- d-----w- C:\Users\Paul\AppData\Local\{4C410295-EADF-499D-9D6F-CFD5CCA8EF8A}
    2011-11-19 23:42:32 -------- d-----w- C:\Users\Paul\AppData\Local\{090930C6-A55A-4E56-8715-C825D788A9CF}
    2011-11-19 23:42:19 -------- d-----w- C:\Users\Paul\AppData\Local\{0BD7DD2A-D698-4CE1-B0F7-7C3D630C1AF4}
    2011-11-19 10:53:57 -------- d-----w- C:\Users\Paul\AppData\Local\{80D1E28B-63EE-4595-A64D-EA30695E31EF}
    2011-11-19 10:53:45 -------- d-----w- C:\Users\Paul\AppData\Local\{F4967D60-9D78-460D-955D-75FCAFEED890}
    2011-11-09 21:33:24 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 21:33:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:33:22 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 21:33:20 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-19 10:54:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 14:03:44.96 ===============

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.


    Having said that....Let's get going!! :thumbup:
    ----------

    To start with, do you have your system set up on a proxy by chance?
    ----------

    Please download DeFogger to your desktop.
    Right-click DeFogger and select Run as Administrator to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • If it needs to, DeFogger may ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.
    ----------

    Please download aswMBR to your desktop.

    • Right-click the aswMBR icon and select Run as Administrator to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply please let me know about the proxy settings and post the log created by aswMBR.

  3. #3
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Cheers Jeff, here are the results

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-12 18:18:18
    -----------------------------
    18:18:18.539 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:18:18.539 Number of processors: 4 586 0x2502
    18:18:18.540 ComputerName: PAUL-PC UserName: Paul
    18:18:19.228 Initialize success
    18:18:33.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:18:33.753 Disk 0 Vendor: WDC_WD5000BEVT-22A0RT0 01.01A01 Size: 476940MB BusType: 3
    18:18:35.770 Disk 0 MBR read successfully
    18:18:35.776 Disk 0 MBR scan
    18:18:35.779 Disk 0 Windows 7 default MBR code
    18:18:35.784 Service scanning
    18:18:36.610 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    18:18:37.268 Modules scanning
    18:18:37.274 Disk 0 trace - called modules:
    18:18:37.326 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:18:37.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800527e060]
    18:18:37.338 3 CLASSPNP.SYS[fffff8800197143f] -> nt!IofCallDriver -> [0xfffffa8004fe3580]
    18:18:37.344 5 ACPI.sys[fffff88000f8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004fd1060]
    18:18:37.351 Scan finished successfully
    18:18:49.769 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
    18:18:49.800 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Chelseafan,

    Do you know if your computer is set to run on a proxy?

  5. #5
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    I don't know what you mean, sorry.

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,
    "I don't know what you mean, sorry."
    If you don't know what I mean then you didn't do it.

    I will be back soon with the next set of instructions.

  7. #7
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi chelseafan,

    I am so sorry about the delay in response. :(

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-click ComboFix.exe, select Run as Administrator, and follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

  8. #8
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    I'm having a problem with ComboFix. When the computer restarts, the ComboFix window opens and constantly flickers very fast; the only way to stop it is to open another window for it to stop for a few seconds so I can click exit.

  9. #9
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi chelseafan,

    OK... let's use something else for now.
    -------

    • Download OTL to your desktop.
    • Right-click the icon and select Run as Administrator to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

  10. #10
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    OTL logfile created on: 12/15/2011 9:00:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\James\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 70.79% Memory free
    7.73 Gb Paging File | 6.42 Gb Available in Paging File | 83.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97.56 Gb Total Space | 8.58 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
    Drive D: | 97.66 Gb Total Space | 41.39 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
    Drive E: | 270.44 Gb Total Space | 108.46 Gb Free Space | 40.11% Space Free | Partition Type: NTFS
    Drive F: | 452.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 100.00 Mb Total Space | 70.07 Mb Free Space | 70.07% Space Free | Partition Type: NTFS

    Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\James\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
    PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe ()
    PRC - C:\Users\James\My Documents\Texter\texter.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe ()
    MOD - C:\Users\James\My Documents\Texter\texter.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Crypkey License) -- C:\Windows\SysWow64\Crypserv.exe (CrypKey (Canada) Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SeratoUsb) -- C:\Windows\SysNative\drivers\SeratoUsb.sys (Cristalink Ltd)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 A0 14 D3 06 3F CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: savedpasswords@adamfranco.com:1.2.3
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
    FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.0
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.2
    FF - prefs.js..extensions.enabledItems: pbupload@photobucket.com:1.3.1

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/10 20:56:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/16 09:58:30 | 000,000,000 | ---D | M]

    [2011/02/01 15:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
    [2011/11/27 11:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions
    [2011/11/27 11:37:12 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2011/11/27 11:37:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/01 15:16:02 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/03/19 10:54:31 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\add-to-searchbox@maltekraus.de
    [2011/11/27 11:37:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\foxmarks@kei.com
    [2011/09/13 12:04:11 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
    [2011/05/17 22:31:45 | 000,000,000 | ---D | M] (Saved Passwords Button) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\savedpasswords@adamfranco.com
    [2011/11/27 11:37:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\extensions\support@lastpass.com
    [2011/03/19 11:03:06 | 000,002,454 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\searchplugins\google-image-search.xml
    [2011/03/23 22:45:21 | 000,001,097 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\searchplugins\mrtzcmp3--3.xml
    [2011/03/19 10:59:26 | 000,001,060 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\searchplugins\the-internet-movie-database-imdb.xml
    [2010/11/07 07:14:56 | 000,001,597 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\searchplugins\the-pirate-bay.xml
    [2010/05/27 14:39:22 | 000,002,057 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\8b6eqx2g.default\searchplugins\youtube-video-search.xml
    [2011/07/22 18:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/06/29 08:42:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/04 20:25:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/24 18:30:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/22 18:02:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/06/12 04:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    () (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8B6EQX2G.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI
    () (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8B6EQX2G.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8B6EQX2G.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
    [2011/10/10 20:56:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/10 20:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/10/29 19:12:14 | 000,002,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\facesmoochtb.xml

    ========== Chrome ==========

    CHR - default_search_provider: The Internet Movie Database (IMDb) (Enabled)
    CHR - default_search_provider: search_url = http://www.imdb.com/find?s=all&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.14_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.16_0\
    CHR - Extension: Readable by Evernote = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\halondangdgpjbcemokdmjlpjmndpljd\1.3313.163.470_0\
    CHR - Extension: Readable by Evernote = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\halondangdgpjbcemokdmjlpjmndpljd\1.3313.163.470_1\

    O1 HOSTS File: ([2011/12/15 19:24:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
    O2 - BHO: (Updater For FaceSmooch Toolbar) - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files (x86)\facesmoochtb\auxi\facesmoochAu.dll File not found
    O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files (x86)\facesmoochtb\facesmoochDx.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF17639.3XE (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SansaDispatch] C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF17639.3XE (Microsoft Corporation)
    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
    O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk = File not found
    O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Texter.lnk = C:\Program Files (x86)\Texter\texter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A572524-78C6-4EEA-82EC-40C541C42D1E}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FBA79C8-743B-45CB-B3F6-4EC3856F55EA}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FBA79C8-743B-45CB-B3F6-4EC3856F55EA}: NameServer = 8.8.8.8,208.67.220.220
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/15 20:15:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/12/15 20:15:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
    [2011/12/15 19:58:18 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/12/15 19:13:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/12/15 19:13:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/12/15 19:13:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/12/15 19:13:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/12/15 19:13:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/14 21:12:49 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2011/12/14 21:12:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2011/12/14 21:12:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2011/12/14 21:12:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2011/12/14 21:12:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2011/12/14 21:12:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2011/12/14 21:12:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2011/12/14 20:36:11 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
    [2011/12/14 20:36:10 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
    [2011/12/14 20:11:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2011/12/12 18:21:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{48145C7F-EE2A-4542-8DE2-EB933E2C2562}
    [2011/12/06 19:25:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E3B6484C-CC8D-456B-AB9C-0E89D4A6E3B6}
    [2011/12/06 19:25:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{7FD2D6D9-9EF2-4759-9A5C-C942209B8236}
    [2011/11/29 14:12:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3E43F9C9-58FB-4810-A1F5-E0D81AD74A10}
    [2011/11/29 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{F11BD7AC-FA3C-4B76-A58C-EE0A4119DE80}
    [2011/11/27 11:37:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{4C410295-EADF-499D-9D6F-CFD5CCA8EF8A}
    [2011/11/19 23:42:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{090930C6-A55A-4E56-8715-C825D788A9CF}
    [2011/11/19 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0BD7DD2A-D698-4CE1-B0F7-7C3D630C1AF4}
    [2011/11/19 10:53:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{80D1E28B-63EE-4595-A64D-EA30695E31EF}
    [2011/11/19 10:53:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{F4967D60-9D78-460D-955D-75FCAFEED890}

    ========== Files - Modified Within 30 Days ==========

    [2011/12/15 20:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/15 20:23:33 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/15 20:23:33 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/15 20:20:42 | 000,782,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/12/15 20:20:42 | 000,667,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/12/15 20:20:42 | 000,126,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/12/15 20:16:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/15 20:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/15 20:15:50 | 3113,295,872 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/15 19:24:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/12/15 03:21:04 | 004,853,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/12/12 18:19:55 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Documents\MBR.dat
    [2011/12/12 18:18:49 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
    [2011/12/12 18:17:38 | 000,000,168 | ---- | M] () -- C:\Users\Paul\defogger_reenable
    [2011/12/10 14:59:13 | 000,000,971 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2011/12/10 14:59:13 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/12/09 14:40:30 | 000,003,974 | ---- | M] () -- C:\Users\Paul\Desktop\Attach.zip
    [2011/11/19 10:54:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/12/15 19:13:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/15 19:13:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/15 19:13:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/15 19:13:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/15 19:13:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/12 18:19:55 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Documents\MBR.dat
    [2011/12/12 18:18:49 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
    [2011/12/12 18:17:37 | 000,000,168 | ---- | C] () -- C:\Users\Paul\defogger_reenable
    [2011/12/10 14:59:13 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/12/09 14:40:30 | 000,003,974 | ---- | C] () -- C:\Users\Paul\Desktop\Attach.zip
    [2011/07/07 19:29:03 | 000,001,456 | ---- | C] () -- C:\Users\Paul\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/07/07 13:32:18 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/06/19 14:01:15 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2011/05/13 14:38:36 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/04/20 07:22:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/04/20 07:22:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/04/09 16:22:55 | 000,000,077 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2011/04/09 16:22:49 | 000,031,846 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
    [2011/04/09 16:22:49 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2011/04/09 16:22:49 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2011/04/09 16:22:49 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2011/02/17 20:36:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/02/10 06:32:14 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
    [2011/02/09 16:37:18 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
    [2011/02/09 16:37:18 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
    [2011/02/09 06:55:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2011/02/02 20:39:43 | 000,000,600 | ---- | C] () -- C:\Users\Paul\AppData\Local\PUTTY.RND
    [2011/02/02 15:23:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2011/02/01 16:12:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/02/01 16:00:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/01 15:36:03 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/02/01 15:35:40 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/01 15:11:20 | 000,768,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2005/10/14 09:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2005/10/14 09:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
    [2005/10/14 09:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\SysWow64\DivXsm.exe
    [2005/10/14 09:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2005/10/14 09:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
    [2005/10/14 09:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
    [2005/10/14 09:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2005/10/14 09:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2005/10/14 09:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

    ========== LOP Check ==========

    [2011/07/29 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ADVIZOR Solutions, Inc
    [2011/08/18 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Audacity
    [2011/07/22 14:59:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Blueberry
    [2011/06/21 17:55:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CBS Interactive
    [2011/07/19 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/04 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.userlytics.studio.62F3C6489AAEBB5EA6D06458DD51566F7BEEA00A.1
    [2011/04/20 06:29:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
    [2011/04/24 07:23:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Easy Macro Recorder
    [2011/04/02 12:28:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
    [2011/02/02 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GlobalSCAPE
    [2011/04/03 10:42:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HDRsoft
    [2011/06/10 06:15:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
    [2011/03/31 23:03:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LogSys
    [2011/08/11 00:06:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2011/06/20 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MP3Rocket
    [2011/04/29 10:20:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\My Games
    [2011/07/03 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Notepad++
    [2011/02/02 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
    [2011/04/20 07:22:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PunkBuster
    [2011/07/11 00:22:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Research In Motion
    [2011/08/18 17:50:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SanDisk
    [2011/07/13 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sick Marketing
    [2011/04/02 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TeamViewer
    [2011/02/10 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tencent
    [2011/05/11 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TS3Client
    [2011/09/05 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TweetAdder3
    [2011/12/10 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
    [2011/02/01 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
    [2011/03/20 13:25:01 | 000,000,000 | -HSD | M] -- C:\Users\Paul\AppData\Roaming\wyUpdate AU
    [2011/11/10 12:29:02 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 12/15/2011 9:00:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\James\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 70.79% Memory free
    7.73 Gb Paging File | 6.42 Gb Available in Paging File | 83.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97.56 Gb Total Space | 8.58 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
    Drive D: | 97.66 Gb Total Space | 41.39 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
    Drive E: | 270.44 Gb Total Space | 108.46 Gb Free Space | 40.11% Space Free | Partition Type: NTFS
    Drive F: | 452.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 100.00 Mb Total Space | 70.07 Mb Free Space | 70.07% Space Free | Partition Type: NTFS

    Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9EA64B79-30A1-F52E-D801-B07CF05FFFAF}" = ccc-utility64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}" = ATI Catalyst Install Manager
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 4.00 beta 5 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{016095EE-5BB3-791C-A558-06412FF78691}" = CCC Help Russian
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10F4A085-EA81-594B-C0B8-ADF013D26B8E}" = CCC Help Turkish
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1942E836-414C-4414-672B-93FCC8CC18AB}" = CCC Help Danish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{284AE43C-30E4-B57E-A234-05496D05AB68}" = Catalyst Control Center Graphics Previews Vista
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{32354BAB-8BAE-7189-6E3F-922D47292D3D}" = CCC Help Czech
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{5735A865-CD31-5788-DA38-AAB06EAED9F4}" = CCC Help Hungarian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5901E428-EC91-71EE-BA56-9417E40BE182}" = ccc-core-static
    "{5F33C9B4-DDCD-4061-874E-E471310AEAAE}" = Scratch Live 2.3.0 (23065)
    "{60AA5155-39C7-14AA-FB4B-489B1C8DE9A1}" = CCC Help Chinese Traditional
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72449E65-4852-2FD9-F603-D77E39DD3CF6}" = CCC Help Finnish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72AF10B4-52A5-4E94-BBA4-2413264D43DD}" = Tweet Adder 3
    "{7703542C-3842-C5EE-2452-B006F441A162}" = CCC Help Polish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7F529418-344D-3792-F7B6-04EB805F5931}" = CCC Help English
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89135274-728D-EFAB-472C-A1691369B21D}" = Market Samurai
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{91F29ED6-6C82-F83D-BF8D-3E67D18E7249}" = Catalyst Control Center Localization All
    "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{990EEE1A-4D64-16AF-A944-AD97AE080D26}" = CCC Help German
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A98031B-0A1A-AFDC-87F4-AAFDC1E97B7D}" = CCC Help Portuguese
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AEAA9D8A-A347-0FC4-5CAF-D9F2236FCF49}" = CCC Help French
    "{AEB43F42-8F9D-DBD8-0B11-941CC27C174A}" = CCC Help Norwegian
    "{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
    "{C2EE73BE-CD73-6EC9-A5A0-0E080A60A00E}" = CCC Help Chinese Standard
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{CFCF4223-BC7B-110C-4E19-5FF025721C4B}" = CCC Help Spanish
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E17D581A-6949-6A53-7A18-E80C6BDCC800}" = CCC Help Italian
    "{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E96D1A04-B0B4-0788-D70F-0A9BB9C503BD}" = CCC Help Korean
    "{EB5E21BC-AC56-A45D-5593-A1C55A380677}" = CCC Help Swedish
    "{ECEDC447-3EED-6F90-CB39-0A49BD2D63DE}" = CCC Help Thai
    "{EF45FBBD-3CE8-698B-AC44-C693468F53D3}" = CCC Help Greek
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F47BEA79-07F3-5602-76B4-B9B9042269A1}" = Catalyst Control Center InstallProxy
    "{F73D3B6A-4E5F-E93D-C7C3-65DE80BEE0E7}" = CCC Help Dutch
    "{F9D7691A-E3CD-EF15-DE38-EDF0BB1E345F}" = CCC Help Japanese
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Alarm Clock_is1" = Alarm Clock v1.0
    "Audacity 1.3 Beta_is1" = Audacity 1.3.12
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Easy Macro Recorder_is1" = Easy Macro Recorder 4.0
    "Google Chrome" = Google Chrome
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "Notepad++" = Notepad++
    "OnlyWire" = OnlyWire
    "PunkBusterSvc" = PunkBuster Services
    "SopCast" = SopCast 3.4.0
    "Stealth Keyword Competition Analyzer_is1" = Stealth Keyword Competition Analyzer 2.2
    "Steam App 240" = Counter-Strike: Source
    "Steam App 440" = Team Fortress 2
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "4086567683.d.seesmic.com" = Seesmic Desktop 2
    "CNET TechTracker" = CNET TechTracker
    "Sansa Updater" = Sansa Updater

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
