Link Hijacking

December 10, 2009 at 10:18:45
Specs: Windows 7 Home Premium
Over the last two days I've started to get my search engines redirected to random sites. Nothing is popping up on any antivirus, spyware, or malware scans. Any assistance would be appreciated.

#1
December 10, 2009 at 14:03:15
What is it that you're using to scan with? Chances are you got a rootkit that replaced the IEXPLORE.EXE file. To fix this you have to do a lot of manual changes. Check this post out...

http://www.computing.net/answers/se...

I believe MalwareBytes can fix it...

http://www.malwarebytes.org/

#2
December 10, 2009 at 14:17:45
Please run the following scans and post their results.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

#3
December 11, 2009 at 16:50:25
When I run RSIT I get an error whenever it gets to listing services and drivers:
Line -1:
Error: Variable used without being declared.
It then closes the program. I did get this file out of C:\RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Theo at 2009-12-11 18:49:32
Microsoft Windows 7 Home Premium
System drive C: has 97 GB (43%) free of 223 GB
Total RAM: 3067 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:34 PM, on 12/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Theo\Desktop\RSIT.exe
C:\Program Files\trend micro\Theo.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/sof...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9923 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Efqpjjfs.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-11-30 1422632]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-11-13 1807600]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-11-11 442536]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-06-29 458844]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2009-08-07 2930768]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-08-25 2171904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\Dell Video Chat\DellVideoChat.exe [2009-06-19 4825976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\valve\steam\steam.exe [2009-11-24 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2009-07-13 660480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaTV Monitor.lnk]
C:\PROGRA~1\ADSTEC~1\MEDIAT~1\MEDIAT~1.EXE [2007-03-05 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico

C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

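As an added example (not code from the thread, nor from the RSIT or HijackThis authors), the script below triages log lines of the kind posted above for the entries a redirect problem usually turns up in: R0/R1 start and search page values pointing somewhere other than the Microsoft defaults, hosts-file overrides (O1), orphaned BHO registrations (O2 with "(no file)"), autoruns launched from user-writable folders (O4), services with no publisher (O23), and scheduled task files with machine-generated names like the Efqpjjfs.job seen in the log. The allow-list of expected hosts, the user-writable path pattern and the random-name heuristic are my assumptions, and the sample log is constructed: the hijack values in it (the 203.0.113.5 hosts entry, the .test search host, the Temp autorun) are made up for the demo.

```python
"""Triage a HijackThis / RSIT-style log for entries commonly behind search
redirects.  Added example, not from the thread or the tool authors.  The
rules are heuristics: a HIGH finding is worth a look, not proof of infection."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section detail")

# Assumption: hosts used by the Windows 7 / IE8 default start and search pages.
EXPECTED_URL_HOSTS = ("go.microsoft.com", "g.msn.com", "www.microsoft.com")
# The loopback entries a clean Windows 7 hosts file carries.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)
VOWELS = set("aeiouy")


def _url_host(text):
    """Host part of the first URL in the line, or None if there is no URL."""
    m = URL_RE.search(text)
    return m.group(1).lower() if m else None


def _expected_host(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_URL_HOSTS)


def _looks_random(name):
    """Heuristic for generated names such as Efqpjjfs: almost no vowels, or a
    long consonant run.  Vendor abbreviations can trip it; it only ranks."""
    letters = "".join(c for c in name.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", letters))
    return vowel_ratio < 0.25 or longest_run >= 5


def triage(log_text):
    """Walk the log line by line and collect Finding records in log order."""
    findings, in_tasks = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):                 # RSIT section header
            in_tasks = "Scheduled tasks" in line
            continue
        if in_tasks:                                  # one .job path per line
            name = line.rsplit("\\", 1)[-1]
            if name.lower().endswith(".job") and _looks_random(name[:-4]):
                findings.append(Finding("MEDIUM", "tasks", f"random-looking scheduled task: {name}"))
            continue
        if line.startswith(("R0 -", "R1 -")):         # IE start / search page values
            host = _url_host(line)
            if host and not _expected_host(host):
                findings.append(Finding("HIGH", "R0/R1", f"IE start or search page points at {host}"))
        elif line.startswith("O1 - Hosts:"):          # hosts-file overrides
            entry = line.split("Hosts:", 1)[1].strip()
            if entry not in BENIGN_HOSTS:
                findings.append(Finding("HIGH", "O1", f"hosts file override: {entry}"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            clsid = line.split(" - ")[2]
            findings.append(Finding("LOW", "O2", f"orphaned BHO registration: {clsid}"))
        elif line.startswith("O4 -") and USER_WRITABLE_RE.search(line):
            findings.append(Finding("MEDIUM", "O4", f"autorun from a user-writable path: {line}"))
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            findings.append(Finding("LOW", "O23", f"service with no publisher: {line.split(' - ')[1]}"))
    return findings


# Constructed sample log: same line formats as the thread; the hijack values
# (203.0.113.5, the .test host, the Temp autorun) are made up for this demo.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hijack-demo.test/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\update.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
======Scheduled tasks folder======
C:\Windows\tasks\Efqpjjfs.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
======Registry dump======
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:6} {f.detail}")
```

Run against the log actually posted in this thread, these rules would surface only the orphaned BHO {5C255C8A-...}, the PnkBstrA service (no publisher string) and the Efqpjjfs.job task; the R0/R1 values all resolve to go.microsoft.com or g.msn.com and the single hosts entry is the IPv6 loopback, so the redirect is not explained by the browser settings or hosts file in the HijackThis portion. That is what the GMER rootkit scan the reply asks for is meant to cover: a driver-level hook does not show up in these sections at all.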
#4
December 11, 2009 at 16:50:47
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-11 18:45:48 ----D---- C:\Program Files\trend micro
2009-12-11 18:45:46 ----D---- C:\rsit
2009-12-10 12:07:01 ----D---- C:\Program Files\SpywareBlaster
2009-12-10 11:33:25 ----A---- C:\Windows\system32\javaws.exe
2009-12-10 11:33:25 ----A---- C:\Windows\system32\javaw.exe
2009-12-10 11:33:25 ----A---- C:\Windows\system32\java.exe
2009-12-10 11:10:39 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-10 11:10:30 ----D---- C:\ProgramData\Lavasoft
2009-12-10 11:10:30 ----D---- C:\Program Files\Lavasoft
2009-12-09 21:18:08 ----RASH---- C:\Windows\system32\p2pcollabe.dll
2009-12-09 13:56:18 ----A---- C:\Windows\system32\MRT.exe
2009-12-08 21:57:13 ----A---- C:\Windows\system32\mshtml.dll
2009-12-08 21:57:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-02 18:53:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-25 22:21:52 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 22:21:39 ----D---- C:\Program Files\MSXML 4.0
2009-11-21 20:10:37 ----D---- C:\ProgramData\eSellerate
2009-11-21 20:10:37 ----D---- C:\Program Files\Common Files\eSellerate
2009-11-21 20:10:33 ----D---- C:\Program Files\NewBlue
2009-11-21 14:09:24 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-21 03:14:18 ----A---- C:\Windows\system32\msv1_0.dll
2009-11-21 03:09:08 ----A---- C:\Windows\system32\msasn1.dll
2009-11-21 03:09:07 ----A---- C:\Windows\system32\wmp.dll
2009-11-21 03:09:06 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-21 03:09:06 ----A---- C:\Windows\explorer.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\wmploc.DLL
2009-11-21 03:09:05 ----A---- C:\Windows\system32\winresume.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\winload.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\t2embed.dll
2009-11-21 03:09:05 ----A---- C:\Windows\system32\fontsub.dll
2009-11-21 03:09:05 ----A---- C:\Windows\system32\atmfd.dll
2009-11-20 22:24:32 ----A---- C:\Windows\system32\Oemdspif.dll
2009-11-20 22:24:31 ----A---- C:\Windows\system32\atitmmxx.dll
2009-11-20 22:24:31 ----A---- C:\Windows\system32\atipdlxx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atioglxx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atimuixx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atimpc32.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\amdpcom32.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atiesrxx.exe
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atieclxx.exe
2009-11-20 22:24:28 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticalrt.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticaldd.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticalcl.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atiadlxx.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\ati2edxx.dll
2009-11-20 21:00:33 ----D---- C:\Program Files\Common Files\Steam
2009-11-20 20:45:21 ----D---- C:\Windows\Panther
2009-11-20 20:36:13 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-20 20:35:02 ----D---- C:\Program Files\iTunes
2009-11-20 20:35:02 ----D---- C:\Program Files\iPod
2009-11-20 20:32:58 ----D---- C:\Program Files\QuickTime
2009-11-20 20:32:45 ----HD---- C:\$WINDOWS.~Q
2009-11-20 20:23:28 ----D---- C:\Users\Theo\AppData\Roaming\HPAppData
2009-11-20 20:21:26 ----HD---- C:\$INPLACE.~TR
2009-11-20 20:18:36 ----D---- C:\Program Files\Dell Video Chat
2009-11-20 20:17:10 ----D---- C:\ProgramData\SupportSoft
2009-11-20 20:15:29 ----D---- C:\Program Files\Dell Support Center
2009-11-20 20:15:25 ----D---- C:\Program Files\Common Files\supportsoft
2009-11-20 20:14:51 ----D---- C:\ProgramData\ATI
2009-11-20 20:12:40 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-11-20 20:12:11 ----D---- C:\Program Files\ATI
2009-11-20 20:10:26 ----D---- C:\Program Files\Creative Live! Cam
2009-11-20 20:07:53 ----N---- C:\Windows\system32\stapi32.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\ctapo32.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestecap.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestaren.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestacap.dll
2009-11-20 20:04:46 ----A---- C:\Windows\system32\stlang.dll
2009-11-20 20:04:46 ----A---- C:\Windows\system32\idtmini1.exe
2009-11-20 20:04:46 ----A---- C:\Windows\system32\ctppld.dll
2009-11-20 20:03:41 ----A---- C:\Windows\system32\st326217.dll
2009-11-20 19:58:12 ----SHD---- C:\Recovery
2009-11-20 18:55:18 ----SD---- C:\Users\Theo\AppData\Roaming\Microsoft
2009-11-20 18:55:18 ----D---- C:\Users\Theo\AppData\Roaming\Media Center Programs
2009-11-20 18:54:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-20 18:53:57 ----D---- C:\Windows\system32\URTTEMP
2009-11-20 18:53:31 ----SHD---- C:\Windows\Installer
2009-11-20 18:50:13 ----D---- C:\Program Files\IDT
2009-11-20 18:50:13 ----A---- C:\Windows\system32\stcplx.dll
2009-11-20 18:50:13 ----A---- C:\Windows\system32\stapo.dll
2009-11-20 18:50:10 ----A---- C:\Windows\system32\AESTCom.dll
2009-11-20 18:50:08 ----D---- C:\Windows\system32\SRSLabs
2009-11-20 18:49:35 ----D---- C:\Program Files\Synaptics
2009-11-20 18:47:47 ----D---- C:\Windows\Prefetch
2009-11-20 18:15:37 ----RASH---- C:\BOOTSECT.BAK
2009-11-19 15:24:43 ----D---- C:\Fraps
2009-11-19 00:43:56 ----D---- C:\Users\Theo\AppData\Roaming\Screaming Bee
2009-11-17 23:00:48 ----A---- C:\Windows\system32\frapsvid.dll

#5
December 11, 2009 at 16:51:52
======List of files/folders modified in the last 1 months======

2009-12-11 18:49:32 ----D---- C:\Windows\Temp
2009-12-11 18:45:48 ----RD---- C:\Program Files
2009-12-11 18:44:29 ----D---- C:\Users\Theo\AppData\Roaming\Skype
2009-12-11 18:43:36 ----D---- C:\Program Files\Mozilla Firefox
2009-12-11 16:37:19 ----D---- C:\Windows\System32
2009-12-11 16:37:18 ----D---- C:\Windows\inf
2009-12-11 16:36:39 ----D---- C:\Windows\system32\config
2009-12-11 16:33:29 ----D---- C:\Windows\system32\Tasks
2009-12-11 16:33:26 ----D---- C:\Users\Theo\AppData\Roaming\Spyware Terminator
2009-12-11 16:32:46 ----D---- C:\Users\Theo\AppData\Roaming\skypePM
2009-12-10 14:54:24 ----D---- C:\Users\Theo\AppData\Roaming\Audacity
2009-12-10 12:08:52 ----D---- C:\Program Files\Spyware Terminator
2009-12-10 12:08:15 ----AD---- C:\ProgramData\TEMP
2009-12-10 11:50:18 ----D---- C:\Windows\Tasks
2009-12-10 11:45:30 ----D---- C:\Windows
2009-12-10 11:33:28 ----HD---- C:\Config.Msi
2009-12-10 11:33:20 ----D---- C:\Program Files\Java
2009-12-10 11:32:50 ----D---- C:\ProgramData\Spyware Terminator
2009-12-10 11:13:10 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-10 11:13:10 ----D---- C:\Windows\system32\drivers
2009-12-10 11:13:10 ----D---- C:\Windows\system32\catroot
2009-12-10 11:10:39 ----HD---- C:\ProgramData
2009-12-10 00:16:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-09 23:00:22 ----SHD---- C:\System Volume Information
2009-12-09 20:58:51 ----D---- C:\Users\Theo\AppData\Roaming\uTorrent
2009-12-09 13:56:20 ----D---- C:\Windows\debug
2009-12-09 00:34:03 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 00:33:25 ----RSD---- C:\Windows\assembly
2009-12-08 21:51:35 ----D---- C:\Windows\system32\catroot2
2009-12-08 21:51:33 ----D---- C:\Windows\winsxs
2009-12-06 15:34:04 ----D---- C:\Users\Theo\AppData\Roaming\gtk-2.0
2009-12-02 18:53:15 ----D---- C:\Program Files\Dell DataSafe Online
2009-11-27 17:53:21 ----D---- C:\Windows\rescache
2009-11-25 22:22:03 ----D---- C:\Windows\system32\en-US
2009-11-22 21:04:38 ----D---- C:\Users\Theo\AppData\Roaming\HpUpdate
2009-11-22 14:57:03 ----D---- C:\Windows\system32\NDF
2009-11-22 12:50:46 ----D---- C:\Windows\pss
2009-11-21 20:30:54 ----D---- C:\Program Files\Vstplugins
2009-11-21 20:11:08 ----D---- C:\Windows\system32\LogFiles
2009-11-21 20:10:37 ----D---- C:\Program Files\Common Files
2009-11-21 17:57:31 ----D---- C:\Windows\system32\wdi
2009-11-21 16:47:08 ----A---- C:\Windows\win.ini
2009-11-21 14:24:52 ----D---- C:\Windows\Microsoft.NET
2009-11-21 03:33:08 ----D---- C:\Windows\system32\Boot
2009-11-21 03:33:08 ----D---- C:\Windows\ehome
2009-11-21 03:33:08 ----D---- C:\Windows\AppPatch
2009-11-21 03:33:08 ----D---- C:\Program Files\Windows Media Player
2009-11-21 03:33:08 ----D---- C:\Program Files\Internet Explorer
2009-11-21 00:38:08 ----D---- C:\Windows\system32\DriverStore
2009-11-20 23:45:51 ----D---- C:\Program Files\Windows Sidebar
2009-11-20 23:45:45 ----D---- C:\Windows\system32\spool
2009-11-20 21:03:19 ----D---- C:\ProgramData\Symantec
2009-11-20 21:03:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-20 20:45:04 ----SHD---- C:\boot
2009-11-20 20:42:46 ----SD---- C:\Windows\system32\Microsoft
2009-11-20 20:35:02 ----D---- C:\Program Files\Common Files\Apple
2009-11-20 20:32:58 ----D---- C:\ProgramData\Apple Computer
2009-11-20 20:19:29 ----D---- C:\ProgramData\Dell
2009-11-20 20:19:07 ----D---- C:\Program Files\Dell
2009-11-20 20:14:06 ----D---- C:\Program Files\ATI Technologies
2009-11-20 20:11:06 ----D---- C:\Program Files\Dell Webcam
2009-11-20 20:09:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-20 20:00:51 ----D---- C:\Windows\system32\wbem
2009-11-20 20:00:42 ----D---- C:\Windows\system32\restore
2009-11-20 19:58:12 ----D---- C:\Windows\system32\Recovery
2009-11-20 19:51:46 ----D---- C:\Windows\SoftwareDistribution
2009-11-20 19:42:16 ----D---- C:\Windows\Registration
2009-11-20 19:40:44 ----RSD---- C:\Windows\Media
2009-11-20 19:40:37 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-20 19:33:34 ----RD---- C:\Users
2009-11-20 19:28:34 ----D---- C:\Users\Theo\AppData\Roaming\WinRAR
2009-11-20 19:28:33 ----D---- C:\Users\Theo\AppData\Roaming\Ulead Systems
2009-11-20 19:28:31 ----D---- C:\Users\Theo\AppData\Roaming\Thunderbird
2009-11-20 19:28:31 ----D---- C:\Users\Theo\AppData\Roaming\Stardock
2009-11-20 19:28:30 ----D---- C:\Users\Theo\AppData\Roaming\Sony Creative Software
2009-11-20 19:28:30 ----D---- C:\Users\Theo\AppData\Roaming\Sony
2009-11-20 19:28:25 ----RHD---- C:\Users\Theo\AppData\Roaming\SecuROM
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Reallusion
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Publish Providers
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\proDAD
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Oracle
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\NetMedia Providers
2009-11-20 19:28:23 ----D---- C:\Users\Theo\AppData\Roaming\Mozilla
2009-11-20 19:27:44 ----D---- C:\Users\Theo\AppData\Roaming\Malwarebytes
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Macromedia
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\InstallShield
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Identities
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\HP
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Dell
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Creative
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\ATI
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\ArcSoft
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\Apple Computer
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\Adobe
2009-11-20 19:14:01 ----D---- C:\Windows\WindowsMobile
2009-11-20 19:14:01 ----D---- C:\Windows\Users
2009-11-20 19:14:01 ----D---- C:\Windows\twain_32
2009-11-20 19:14:01 ----D---- C:\Windows\system32\zh-TW
2009-11-20 19:14:01 ----D---- C:\Windows\system32\zh-HK
2009-11-20 19:14:01 ----D---- C:\Windows\system32\XPSViewer
2009-11-20 19:14:01 ----D---- C:\Windows\system32\tr-TR
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sysprep
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sv-SE
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-20 19:13:54 ----D---- C:\Windows\system32\RemInst
2009-11-20 19:13:54 ----D---- C:\Windows\system32\pt-BR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\oobe
2009-11-20 19:13:54 ----D---- C:\Windows\system32\oem
2009-11-20 19:13:54 ----D---- C:\Windows\system32\nl-NL
2009-11-20 19:13:54 ----D---- C:\Windows\system32\nb-NO
2009-11-20 19:13:54 ----D---- C:\Windows\system32\Macromed
2009-11-20 19:13:54 ----D---- C:\Windows\system32\ko-KR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\it-IT
2009-11-20 19:13:54 ----D---- C:\Windows\system32\he-IL
2009-11-20 19:13:54 ----D---- C:\Windows\system32\fr-FR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\fi-FI
2009-11-20 19:13:54 ----D---- C:\Windows\system32\EventProviders
2009-11-20 19:13:54 ----D---- C:\Windows\system32\es-ES
2009-11-20 19:13:53 ----D---- C:\Windows\system32\el-GR
2009-11-20 19:13:52 ----D---- C:\Windows\system32\de-DE
2009-11-20 19:13:52 ----D---- C:\Windows\system32\da-DK
2009-11-20 19:13:52 ----D---- C:\Windows\system32\Branding
2009-11-20 19:13:52 ----D---- C:\Windows\system32\ar-SA
2009-11-20 19:13:52 ----D---- C:\Windows\system32\AGEIA
2009-11-20 19:13:52 ----D---- C:\Windows\system32\Adobe
2009-11-20 19:13:47 ----D---- C:\Windows\Sun
2009-11-20 19:13:47 ----D---- C:\Windows\Speech
2009-11-20 19:13:47 ----D---- C:\Windows\ShellNew
2009-11-20 19:13:46 ----D---- C:\Windows\nap
2009-11-20 19:13:42 ----D---- C:\Windows\Logs
2009-11-20 19:13:42 ----D---- C:\Windows\lhsp
2009-11-20 19:13:25 ----RSD---- C:\Windows\Fonts
2009-11-20 19:13:25 ----D---- C:\Windows\Hewlett-Packard
2009-11-20 19:13:25 ----D---- C:\Windows\Help
2009-11-20 19:13:11 ----D---- C:\Windows\F3C1DE9E5E164BA9B8547B53A45E3579.TMP
2009-11-20 19:13:11 ----D---- C:\Windows\Downloaded Program Files
2009-11-20 19:13:10 ----D---- C:\Windows\CtDrvInstall
2009-11-20 19:13:10 ----D---- C:\Windows\Boot
2009-11-20 19:13:08 ----HDC---- C:\ProgramData\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-11-20 19:13:07 ----HD---- C:\ProgramData\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
2009-11-20 19:13:07 ----D---- C:\ProgramData\WEBREG
2009-11-20 19:13:07 ----D---- C:\ProgramData\Uninstall
2009-11-20 19:13:07 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-20 19:13:07 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 19:13:06 ----D---- C:\ProgramData\Ulead Systems
2009-11-20 19:12:56 ----D---- C:\ProgramData\Stardock
2009-11-20 19:12:56 ----D---- C:\ProgramData\Sony
2009-11-20 19:12:56 ----D---- C:\ProgramData\Sonic
2009-11-20 19:12:56 ----D---- C:\ProgramData\Skype
2009-11-20 19:12:51 ----D---- C:\ProgramData\PC-Doctor
2009-11-20 19:12:51 ----D---- C:\ProgramData\Office Genuine Advantage
2009-11-20 19:12:51 ----D---- C:\ProgramData\NCH Software
2009-11-20 19:12:50 ----SD---- C:\ProgramData\Microsoft
2009-11-20 19:12:39 ----D---- C:\ProgramData\Media Center Programs
2009-11-20 19:12:39 ----D---- C:\ProgramData\McAfee
2009-11-20 19:12:39 ----D---- C:\ProgramData\Malwarebytes
2009-11-20 19:12:39 ----D---- C:\ProgramData\Ironclad Games
2009-11-20 19:12:39 ----D---- C:\ProgramData\InstallShield
2009-11-20 19:12:39 ----D---- C:\ProgramData\HP Product Assistant
2009-11-20 19:12:39 ----D---- C:\ProgramData\HP
2009-11-20 19:12:31 ----D---- C:\ProgramData\Hewlett-Packard
2009-11-20 19:12:31 ----D---- C:\ProgramData\Electronic Arts
2009-11-20 19:12:30 ----D---- C:\ProgramData\Creative
2009-11-20 19:12:29 ----D---- C:\ProgramData\CCP
2009-11-20 19:12:28 ----D---- C:\ProgramData\Avira
2009-11-20 19:12:28 ----D---- C:\ProgramData\Autodesk
2009-11-20 19:12:28 ----D---- C:\ProgramData\Apple
2009-11-20 19:12:28 ----D---- C:\ProgramData\Adobe
2009-11-20 19:12:28 ----D---- C:\Program Files\WinRAR
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Media Components
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-20 19:12:26 ----D---- C:\Program Files\Windows Live
2009-11-20 19:12:24 ----D---- C:\Program Files\Windows Calendar
2009-11-20 19:04:24 ----D---- C:\Program Files\Valve
2009-11-20 19:04:24 ----D---- C:\Program Files\uTorrent
2009-11-20 19:04:21 ----D---- C:\Program Files\tamasoftware
2009-11-20 19:03:45 ----D---- C:\Program Files\Stardock Games
2009-11-20 19:03:42 ----D---- C:\Program Files\Stardock
2009-11-20 19:03:40 ----D---- C:\Program Files\Sony Setup
2009-11-20 19:03:37 ----D---- C:\Program Files\Sony
2009-11-20 19:03:35 ----RD---- C:\Program Files\Skype
2009-11-20 19:03:34 ----D---- C:\Program Files\Roxio
2009-11-20 19:03:33 ----D---- C:\Program Files\RenegadePublicTools
2009-11-20 19:03:20 ----D---- C:\Program Files\Oracle
2009-11-20 19:03:20 ----D---- C:\Program Files\OpenLibraries
2009-11-20 19:03:19 ----D---- C:\Program Files\OpenAL
2009-11-20 19:03:19 ----D---- C:\Program Files\MSBuild
2009-11-20 19:03:19 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-20 19:03:14 ----D---- C:\Program Files\Microsoft.NET
2009-11-20 19:03:14 ----D---- C:\Program Files\Microsoft Works
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-20 19:03:04 ----D---- C:\Program Files\Microsoft Office
2009-11-20 19:02:19 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-11-20 19:02:19 ----D---- C:\Program Files\Microsoft Games
2009-11-20 19:02:18 ----D---- C:\Program Files\Microsoft
2009-11-20 19:02:17 ----D---- C:\Program Files\Lame for Audacity
2009-11-20 19:02:07 ----D---- C:\Program Files\HP
2009-11-20 19:01:43 ----D---- C:\Program Files\Google
2009-11-20 19:01:42 ----D---- C:\Program Files\gmax
2009-11-20 19:01:23 ----D---- C:\Program Files\GIMP-2.0
2009-11-20 19:00:57 ----D---- C:\Program Files\GameSpy
2009-11-20 19:00:57 ----D---- C:\Program Files\Free Mp3WmaOgg Converter
2009-11-20 19:00:57 ----D---- C:\Program Files\Electronic Arts
2009-11-20 18:59:15 ----D---- C:\Program Files\EA Games
2009-11-20 18:58:49 ----D---- C:\Program Files\Dell Inc
2009-11-20 18:58:42 ----D---- C:\Program Files\CyberLink
2009-11-20 18:58:33 ----HD---- C:\Program Files\Creative Installation Information
2009-11-20 18:58:31 ----D---- C:\Program Files\Creative
2009-11-20 18:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-20 18:58:18 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-20 18:58:18 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-11-20 18:58:16 ----D---- C:\Program Files\Common Files\System
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Skype
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-11-20 18:58:09 ----D---- C:\Program Files\Common Files\Reallusion
2009-11-20 18:58:09 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-11-20 18:58:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-20 18:58:00 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-20 18:57:58 ----D---- C:\Program Files\Common Files\HP
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Deterministic Networks
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Creative
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-11-20 18:57:55 ----D---- C:\Program Files\Common Files\ArcSoft
2009-11-20 18:57:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-11-20 18:57:34 ----D---- C:\Program Files\Common Files\Adobe
2009-11-20 18:57:31 ----D---- C:\Program Files\Cisco Systems
2009-11-20 18:57:31 ----D---- C:\Program Files\Bonjour
2009-11-20 18:57:29 ----D---- C:\Program Files\Avira
2009-11-20 18:57:29 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-11-20 18:57:23 ----D---- C:\Program Files\Apple Software Update
2009-11-20 18:57:11 ----D---- C:\Program Files\ADS Tech
2009-11-20 18:57:08 ----D---- C:\Program Files\Adobe
2009-11-20 18:56:22 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-20 17:10:32 ----D---- C:\DELL

#6
December 11, 2009 at 17:04:46
When I tried to use GMER, it finished the initial scan, but when it was scanning I got a BSOD. When I rebooted and tried again, it stopped working mid-scan. When I tried it a third time it BSODed again.


HOWEVER, it appears that the problem is solved after following some of the steps on related topics. Thanks for your help!

#7
December 11, 2009 at 19:33:48
Thanks for the follow-up.

#8
December 15, 2009 at 12:24:51
Aah, it has come back from the dead! Grr.

Anyways, new RSIT log. Again, Gmer causes BSOD if I run it. Any help is appreciated!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Theo at 2009-12-15 14:21:16
Microsoft Windows 7 Home Premium
System drive C: has 125 GB (56%) free of 223 GB
Total RAM: 3067 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:35 PM, on 12/15/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ADS Tech\MediaTV 3\MediaTVMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Theo\Desktop\RSIT.exe
C:\Program Files\trend micro\Theo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/sof...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9912 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Efqpjjfs.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-11-30 1422632]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-11-13 1807600]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-11-11 442536]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-06-29 458844]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2009-08-07 2930768]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-08-25 2171904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\Dell Video Chat\DellVideoChat.exe [2009-06-19 4825976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\valve\steam\steam.exe [2009-11-24 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2009-07-13 660480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaTV Monitor.lnk]
C:\PROGRA~1\ADSTEC~1\MEDIAT~1\MEDIAT~1.EXE [2007-03-05 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico

C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]


#9
December 15, 2009 at 12:25:13
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


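
The two log posts above contain the things a responder would look at first in a redirect case: a randomly named `Efqpjjfs.job` in `C:\Windows\tasks` next to the recognisable Google updater jobs, a Browser Helper Object CLSID registered with no DLL behind it, a Global Startup link whose target RSIT could not resolve (`VPN Client.lnk = ?`), a service with no publisher string, and a `Policies\System` block in which `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are all `0`, meaning UAC is switched off. The script below is an added example (not from the thread, not part of RSIT or HijackThis) that walks an RSIT-style log once and turns each of those observations into a review item. The sample input is copied from the posted log; the scheduled-task allowlist is an assumption for illustration, and every hit is a "look at this", not a malware verdict.

```python
"""Triage heuristics for an RSIT / HijackThis-style log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the log posted in this thread (not a full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: VPN Client.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

======Scheduled tasks folder======

C:\Windows\tasks\Efqpjjfs.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"""


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# Assumption: a small site-specific allowlist of scheduled-task name prefixes.
# Anything else is only queued for manual review, not declared malicious.
KNOWN_TASK_PREFIXES = ("GoogleUpdateTask", "Microsoft", "Adobe", "Apple")

# Values under HKLM\...\Policies\System that weaken UAC, and what the value means.
UAC_WEAK_VALUES = {
    "EnableLUA": ("0", "UAC is disabled; admin-user processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": ("0", "prompts are drawn on the normal desktop and can be spoofed"),
}

BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")   # name - publisher - path
O4_LINE = re.compile(r"^O4 - (.+?): (.+?) = (.+)$")               # location: link = target


def _next_nonblank(lines: list[str], start: int) -> str:
    for j in range(start, len(lines)):
        if lines[j].strip():
            return lines[j].strip()
    return ""


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every heuristic hit, in log order."""
    lines = log_text.splitlines()
    findings: list[Finding] = []
    section = ""
    reg_key = ""
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======") and line.endswith("======"):
            section = line.strip("=").strip()
            reg_key = ""
            continue
        if section == "Scheduled tasks folder" and line.lower().endswith(".job"):
            name = line.rsplit("\\", 1)[-1][:-4]
            if not name.startswith(KNOWN_TASK_PREFIXES):
                findings.append(Finding("task", f"unrecognised scheduled task {name}.job"))
            continue
        if line.startswith("[") and line.endswith("]"):
            reg_key = line
            m = BHO_KEY.match(line)
            if m:
                # A BHO key immediately followed by another key (or nothing) has no DLL listed.
                nxt = _next_nonblank(lines, i + 1)
                if not nxt or nxt.startswith(("[", "=")):
                    findings.append(Finding("bho", f"BHO {m.group(1)} registered with no DLL path"))
            continue
        if reg_key.endswith("\\Policies\\System]"):
            m = REG_VALUE.match(line)
            if m and m.group(1) in UAC_WEAK_VALUES:
                weak, why = UAC_WEAK_VALUES[m.group(1)]
                if m.group(2).strip() == weak:
                    findings.append(Finding("uac", f"{m.group(1)}={weak}: {why}"))
            continue
        m = O23_LINE.match(line)
        if m and m.group(2).strip().lower() == "unknown owner":
            findings.append(Finding("service", f"service {m.group(1)} has no publisher: {m.group(3)}"))
            continue
        m = O4_LINE.match(line)
        if m and m.group(3).strip() == "?":
            findings.append(Finding("startup", f"{m.group(1)} entry {m.group(2)} has an unresolved target"))
    return findings


def report(log_text: str) -> str:
    return "\n".join(f"[{f.category:>7}] {f.detail}" for f in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the sample it produces seven review items: the unresolved `VPN Client.lnk`, the `PnkBstrA` service, `Efqpjjfs.job`, the empty BHO key and the three UAC values. Treat each as a question, not an answer: `PnkBstrA`, for instance, is the PunkBuster anti-cheat service that ships with several games, and "Unknown owner" only means the binary carries no publisher string. The randomly named job and the disabled UAC are the items worth explaining before anything is deleted.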
#10
December 15, 2009 at 12:25:26
======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-11 20:10:11 ----D---- C:\Program Files\VideoSlurp
2009-12-11 19:58:46 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-12-11 19:58:43 ----D---- C:\Program Files\AoA Audio Extractor
2009-12-11 18:59:14 ----D---- C:\Windows\Minidump
2009-12-11 18:45:48 ----D---- C:\Program Files\trend micro
2009-12-11 18:45:46 ----D---- C:\rsit
2009-12-10 12:07:01 ----D---- C:\Program Files\SpywareBlaster
2009-12-10 11:33:25 ----A---- C:\Windows\system32\javaws.exe
2009-12-10 11:33:25 ----A---- C:\Windows\system32\javaw.exe
2009-12-10 11:33:25 ----A---- C:\Windows\system32\java.exe
2009-12-10 11:10:30 ----D---- C:\ProgramData\Lavasoft
2009-12-09 21:18:08 ----RASH---- C:\Windows\system32\p2pcollabe.dll
2009-12-09 13:56:18 ----A---- C:\Windows\system32\MRT.exe
2009-12-08 21:57:13 ----A---- C:\Windows\system32\mshtml.dll
2009-12-08 21:57:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-02 18:53:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-25 22:21:52 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 22:21:39 ----D---- C:\Program Files\MSXML 4.0
2009-11-21 20:10:37 ----D---- C:\ProgramData\eSellerate
2009-11-21 20:10:37 ----D---- C:\Program Files\Common Files\eSellerate
2009-11-21 20:10:33 ----D---- C:\Program Files\NewBlue
2009-11-21 14:09:24 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-21 03:14:18 ----A---- C:\Windows\system32\msv1_0.dll
2009-11-21 03:09:08 ----A---- C:\Windows\system32\msasn1.dll
2009-11-21 03:09:07 ----A---- C:\Windows\system32\wmp.dll
2009-11-21 03:09:06 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-21 03:09:06 ----A---- C:\Windows\explorer.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\wmploc.DLL
2009-11-21 03:09:05 ----A---- C:\Windows\system32\winresume.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\winload.exe
2009-11-21 03:09:05 ----A---- C:\Windows\system32\t2embed.dll
2009-11-21 03:09:05 ----A---- C:\Windows\system32\fontsub.dll
2009-11-21 03:09:05 ----A---- C:\Windows\system32\atmfd.dll
2009-11-20 22:24:32 ----A---- C:\Windows\system32\Oemdspif.dll
2009-11-20 22:24:31 ----A---- C:\Windows\system32\atitmmxx.dll
2009-11-20 22:24:31 ----A---- C:\Windows\system32\atipdlxx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atioglxx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atimuixx.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\atimpc32.dll
2009-11-20 22:24:29 ----A---- C:\Windows\system32\amdpcom32.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atiesrxx.exe
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atieclxx.exe
2009-11-20 22:24:28 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticalrt.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticaldd.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\aticalcl.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\atiadlxx.dll
2009-11-20 22:24:28 ----A---- C:\Windows\system32\ati2edxx.dll
2009-11-20 21:00:33 ----D---- C:\Program Files\Common Files\Steam
2009-11-20 20:45:21 ----D---- C:\Windows\Panther
2009-11-20 20:36:13 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-20 20:35:02 ----D---- C:\Program Files\iTunes
2009-11-20 20:35:02 ----D---- C:\Program Files\iPod
2009-11-20 20:32:58 ----D---- C:\Program Files\QuickTime
2009-11-20 20:32:45 ----HD---- C:\$WINDOWS.~Q
2009-11-20 20:23:28 ----D---- C:\Users\Theo\AppData\Roaming\HPAppData
2009-11-20 20:21:26 ----HD---- C:\$INPLACE.~TR
2009-11-20 20:18:36 ----D---- C:\Program Files\Dell Video Chat
2009-11-20 20:17:10 ----D---- C:\ProgramData\SupportSoft
2009-11-20 20:15:29 ----D---- C:\Program Files\Dell Support Center
2009-11-20 20:15:25 ----D---- C:\Program Files\Common Files\supportsoft
2009-11-20 20:14:51 ----D---- C:\ProgramData\ATI
2009-11-20 20:12:40 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-11-20 20:12:11 ----D---- C:\Program Files\ATI
2009-11-20 20:10:26 ----D---- C:\Program Files\Creative Live! Cam
2009-11-20 20:07:53 ----N---- C:\Windows\system32\stapi32.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\ctapo32.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestecap.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestaren.dll
2009-11-20 20:04:47 ----A---- C:\Windows\system32\aestacap.dll
2009-11-20 20:04:46 ----A---- C:\Windows\system32\stlang.dll
2009-11-20 20:04:46 ----A---- C:\Windows\system32\idtmini1.exe
2009-11-20 20:04:46 ----A---- C:\Windows\system32\ctppld.dll
2009-11-20 20:03:41 ----A---- C:\Windows\system32\st326217.dll
2009-11-20 19:58:12 ----SHD---- C:\Recovery
2009-11-20 18:55:18 ----SD---- C:\Users\Theo\AppData\Roaming\Microsoft
2009-11-20 18:55:18 ----D---- C:\Users\Theo\AppData\Roaming\Media Center Programs
2009-11-20 18:54:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-20 18:53:57 ----D---- C:\Windows\system32\URTTEMP
2009-11-20 18:53:31 ----SHD---- C:\Windows\Installer
2009-11-20 18:50:13 ----D---- C:\Program Files\IDT
2009-11-20 18:50:13 ----A---- C:\Windows\system32\stcplx.dll
2009-11-20 18:50:13 ----A---- C:\Windows\system32\stapo.dll
2009-11-20 18:50:10 ----A---- C:\Windows\system32\AESTCom.dll
2009-11-20 18:50:08 ----D---- C:\Windows\system32\SRSLabs
2009-11-20 18:49:35 ----D---- C:\Program Files\Synaptics
2009-11-20 18:47:47 ----D---- C:\Windows\Prefetch
2009-11-20 18:15:37 ----RASH---- C:\BOOTSECT.BAK
2009-11-19 15:24:43 ----D---- C:\Fraps
2009-11-19 00:43:56 ----D---- C:\Users\Theo\AppData\Roaming\Screaming Bee
2009-11-17 23:00:48 ----A---- C:\Windows\system32\frapsvid.dll

======List of files/folders modified in the last 1 months======

2009-12-15 14:21:18 ----D---- C:\Windows\Temp
2009-12-15 14:20:41 ----D---- C:\Program Files\Mozilla Firefox
2009-12-15 14:03:33 ----D---- C:\Users\Theo\AppData\Roaming\Skype
2009-12-15 11:22:14 ----D---- C:\Windows\system32\config
2009-12-15 11:02:49 ----D---- C:\Users\Theo\AppData\Roaming\skypePM
2009-12-14 15:38:17 ----D---- C:\Windows\twain_32
2009-12-13 13:37:11 ----D---- C:\Windows\System32
2009-12-13 13:37:11 ----D---- C:\Windows\inf
2009-12-12 20:50:07 ----SHD---- C:\System Volume Information
2009-12-12 19:58:28 ----D---- C:\ProgramData\Spyware Terminator
2009-12-12 19:57:41 ----HD---- C:\ProgramData
2009-12-11 20:57:28 ----AD---- C:\ProgramData\TEMP
2009-12-11 20:35:14 ----D---- C:\Users\Theo\AppData\Roaming\Audacity
2009-12-11 20:10:11 ----RD---- C:\Program Files
2009-12-11 20:03:58 ----HD---- C:\Config.Msi
2009-12-11 20:03:51 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-11 20:03:51 ----D---- C:\Windows\system32\drivers
2009-12-11 20:03:15 ----D---- C:\Windows\system32\Tasks
2009-12-11 19:06:46 ----D---- C:\Windows\Tasks
2009-12-11 19:05:35 ----D---- C:\Windows
2009-12-11 19:00:03 ----D---- C:\Program Files\Spyware Terminator
2009-12-11 16:33:26 ----D---- C:\Users\Theo\AppData\Roaming\Spyware Terminator
2009-12-10 11:33:20 ----D---- C:\Program Files\Java
2009-12-10 11:13:10 ----D---- C:\Windows\system32\catroot
2009-12-10 00:16:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-09 20:58:51 ----D---- C:\Users\Theo\AppData\Roaming\uTorrent
2009-12-09 13:56:20 ----D---- C:\Windows\debug
2009-12-09 00:34:03 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 00:33:25 ----RSD---- C:\Windows\assembly
2009-12-08 21:51:35 ----D---- C:\Windows\system32\catroot2
2009-12-08 21:51:33 ----D---- C:\Windows\winsxs
2009-12-06 15:34:04 ----D---- C:\Users\Theo\AppData\Roaming\gtk-2.0
2009-12-02 18:53:15 ----D---- C:\Program Files\Dell DataSafe Online
2009-11-27 17:53:21 ----D---- C:\Windows\rescache
2009-11-25 22:22:03 ----D---- C:\Windows\system32\en-US
2009-11-22 21:04:38 ----D---- C:\Users\Theo\AppData\Roaming\HpUpdate
2009-11-22 14:57:03 ----D---- C:\Windows\system32\NDF
2009-11-22 12:50:46 ----D---- C:\Windows\pss
2009-11-21 20:30:54 ----D---- C:\Program Files\Vstplugins
2009-11-21 20:11:08 ----D---- C:\Windows\system32\LogFiles
2009-11-21 20:10:37 ----D---- C:\Program Files\Common Files
2009-11-21 17:57:31 ----D---- C:\Windows\system32\wdi
2009-11-21 16:47:08 ----A---- C:\Windows\win.ini
2009-11-21 14:24:52 ----D---- C:\Windows\Microsoft.NET
2009-11-21 03:33:08 ----D---- C:\Windows\system32\Boot
2009-11-21 03:33:08 ----D---- C:\Windows\ehome
2009-11-21 03:33:08 ----D---- C:\Windows\AppPatch
2009-11-21 03:33:08 ----D---- C:\Program Files\Windows Media Player
2009-11-21 03:33:08 ----D---- C:\Program Files\Internet Explorer
2009-11-21 00:38:08 ----D---- C:\Windows\system32\DriverStore
2009-11-20 23:45:51 ----D---- C:\Program Files\Windows Sidebar
2009-11-20 23:45:45 ----D---- C:\Windows\system32\spool
2009-11-20 21:03:19 ----D---- C:\ProgramData\Symantec
2009-11-20 21:03:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-20 20:45:04 ----SHD---- C:\boot
2009-11-20 20:42:46 ----SD---- C:\Windows\system32\Microsoft
2009-11-20 20:35:02 ----D---- C:\Program Files\Common Files\Apple
2009-11-20 20:32:58 ----D---- C:\ProgramData\Apple Computer
2009-11-20 20:19:29 ----D---- C:\ProgramData\Dell
2009-11-20 20:19:07 ----D---- C:\Program Files\Dell
2009-11-20 20:14:06 ----D---- C:\Program Files\ATI Technologies
2009-11-20 20:11:06 ----D---- C:\Program Files\Dell Webcam
2009-11-20 20:09:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-20 20:00:51 ----D---- C:\Windows\system32\wbem
2009-11-20 20:00:42 ----D---- C:\Windows\system32\restore
2009-11-20 19:58:12 ----D---- C:\Windows\system32\Recovery
2009-11-20 19:51:46 ----D---- C:\Windows\SoftwareDistribution
2009-11-20 19:42:16 ----D---- C:\Windows\Registration
2009-11-20 19:40:44 ----RSD---- C:\Windows\Media
2009-11-20 19:40:37 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-20 19:33:34 ----RD---- C:\Users
2009-11-20 19:28:34 ----D---- C:\Users\Theo\AppData\Roaming\WinRAR
2009-11-20 19:28:33 ----D---- C:\Users\Theo\AppData\Roaming\Ulead Systems
2009-11-20 19:28:31 ----D---- C:\Users\Theo\AppData\Roaming\Thunderbird
2009-11-20 19:28:31 ----D---- C:\Users\Theo\AppData\Roaming\Stardock
2009-11-20 19:28:30 ----D---- C:\Users\Theo\AppData\Roaming\Sony Creative Software
2009-11-20 19:28:30 ----D---- C:\Users\Theo\AppData\Roaming\Sony
2009-11-20 19:28:25 ----RHD---- C:\Users\Theo\AppData\Roaming\SecuROM
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Reallusion
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Publish Providers
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\proDAD
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\Oracle
2009-11-20 19:28:25 ----D---- C:\Users\Theo\AppData\Roaming\NetMedia Providers
2009-11-20 19:28:23 ----D---- C:\Users\Theo\AppData\Roaming\Mozilla
2009-11-20 19:27:44 ----D---- C:\Users\Theo\AppData\Roaming\Malwarebytes
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Macromedia
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\InstallShield
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Identities
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\HP
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Dell
2009-11-20 19:27:33 ----D---- C:\Users\Theo\AppData\Roaming\Creative
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\ATI
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\ArcSoft
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\Apple Computer
2009-11-20 19:27:32 ----D---- C:\Users\Theo\AppData\Roaming\Adobe
2009-11-20 19:14:01 ----D---- C:\Windows\WindowsMobile
2009-11-20 19:14:01 ----D---- C:\Windows\Users
2009-11-20 19:14:01 ----D---- C:\Windows\system32\zh-TW
2009-11-20 19:14:01 ----D---- C:\Windows\system32\zh-HK
2009-11-20 19:14:01 ----D---- C:\Windows\system32\XPSViewer
2009-11-20 19:14:01 ----D---- C:\Windows\system32\tr-TR
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sysprep
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sv-SE
2009-11-20 19:14:00 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-20 19:13:54 ----D---- C:\Windows\system32\RemInst
2009-11-20 19:13:54 ----D---- C:\Windows\system32\pt-BR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\oobe
2009-11-20 19:13:54 ----D---- C:\Windows\system32\oem
2009-11-20 19:13:54 ----D---- C:\Windows\system32\nl-NL
2009-11-20 19:13:54 ----D---- C:\Windows\system32\nb-NO
2009-11-20 19:13:54 ----D---- C:\Windows\system32\Macromed
2009-11-20 19:13:54 ----D---- C:\Windows\system32\ko-KR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\it-IT
2009-11-20 19:13:54 ----D---- C:\Windows\system32\he-IL
2009-11-20 19:13:54 ----D---- C:\Windows\system32\fr-FR
2009-11-20 19:13:54 ----D---- C:\Windows\system32\fi-FI
2009-11-20 19:13:54 ----D---- C:\Windows\system32\EventProviders
2009-11-20 19:13:54 ----D---- C:\Windows\system32\es-ES
2009-11-20 19:13:53 ----D---- C:\Windows\system32\el-GR
2009-11-20 19:13:52 ----D---- C:\Windows\system32\de-DE
2009-11-20 19:13:52 ----D---- C:\Windows\system32\da-DK
2009-11-20 19:13:52 ----D---- C:\Windows\system32\Branding
2009-11-20 19:13:52 ----D---- C:\Windows\system32\ar-SA
2009-11-20 19:13:52 ----D---- C:\Windows\system32\AGEIA
2009-11-20 19:13:52 ----D---- C:\Windows\system32\Adobe
2009-11-20 19:13:47 ----D---- C:\Windows\Sun
2009-11-20 19:13:47 ----D---- C:\Windows\Speech
2009-11-20 19:13:47 ----D---- C:\Windows\ShellNew
2009-11-20 19:13:46 ----D---- C:\Windows\nap
2009-11-20 19:13:42 ----D---- C:\Windows\Logs
2009-11-20 19:13:42 ----D---- C:\Windows\lhsp
2009-11-20 19:13:25 ----RSD---- C:\Windows\Fonts
2009-11-20 19:13:25 ----D---- C:\Windows\Hewlett-Packard
2009-11-20 19:13:25 ----D---- C:\Windows\Help
2009-11-20 19:13:11 ----D---- C:\Windows\F3C1DE9E5E164BA9B8547B53A45E3579.TMP
2009-11-20 19:13:11 ----D---- C:\Windows\Downloaded Program Files
2009-11-20 19:13:10 ----D---- C:\Windows\CtDrvInstall
2009-11-20 19:13:10 ----D---- C:\Windows\Boot
2009-11-20 19:13:08 ----HDC---- C:\ProgramData\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-11-20 19:13:07 ----HDC---- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-11-20 19:13:07 ----HD---- C:\ProgramData\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
2009-11-20 19:13:07 ----D---- C:\ProgramData\WEBREG
2009-11-20 19:13:07 ----D---- C:\ProgramData\Uninstall
2009-11-20 19:13:07 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-20 19:13:07 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 19:13:06 ----D---- C:\ProgramData\Ulead Systems
2009-11-20 19:12:56 ----D---- C:\ProgramData\Stardock
2009-11-20 19:12:56 ----D---- C:\ProgramData\Sony
2009-11-20 19:12:56 ----D---- C:\ProgramData\Sonic
2009-11-20 19:12:56 ----D---- C:\ProgramData\Skype
2009-11-20 19:12:51 ----D---- C:\ProgramData\PC-Doctor
2009-11-20 19:12:51 ----D---- C:\ProgramData\Office Genuine Advantage
2009-11-20 19:12:51 ----D---- C:\ProgramData\NCH Software
2009-11-20 19:12:50 ----SD---- C:\ProgramData\Microsoft
2009-11-20 19:12:39 ----D---- C:\ProgramData\Media Center Programs
2009-11-20 19:12:39 ----D---- C:\ProgramData\McAfee
2009-11-20 19:12:39 ----D---- C:\ProgramData\Malwarebytes
2009-11-20 19:12:39 ----D---- C:\ProgramData\Ironclad Games
2009-11-20 19:12:39 ----D---- C:\ProgramData\InstallShield
2009-11-20 19:12:39 ----D---- C:\ProgramData\HP Product Assistant
2009-11-20 19:12:39 ----D---- C:\ProgramData\HP
2009-11-20 19:12:31 ----D---- C:\ProgramData\Hewlett-Packard
2009-11-20 19:12:31 ----D---- C:\ProgramData\Electronic Arts
2009-11-20 19:12:30 ----D---- C:\ProgramData\Creative
2009-11-20 19:12:29 ----D---- C:\ProgramData\CCP
2009-11-20 19:12:28 ----D---- C:\ProgramData\Avira
2009-11-20 19:12:28 ----D---- C:\ProgramData\Autodesk
2009-11-20 19:12:28 ----D---- C:\ProgramData\Apple
2009-11-20 19:12:28 ----D---- C:\ProgramData\Adobe
2009-11-20 19:12:28 ----D---- C:\Program Files\WinRAR
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Media Components
2009-11-20 19:12:27 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-20 19:12:26 ----D---- C:\Program Files\Windows Live
2009-11-20 19:12:24 ----D---- C:\Program Files\Windows Calendar
2009-11-20 19:04:24 ----D---- C:\Program Files\Valve
2009-11-20 19:04:24 ----D---- C:\Program Files\uTorrent
2009-11-20 19:04:21 ----D---- C:\Program Files\tamasoftware
2009-11-20 19:03:45 ----D---- C:\Program Files\Stardock Games
2009-11-20 19:03:42 ----D---- C:\Program Files\Stardock
2009-11-20 19:03:40 ----D---- C:\Program Files\Sony Setup
2009-11-20 19:03:37 ----D---- C:\Program Files\Sony
2009-11-20 19:03:35 ----RD---- C:\Program Files\Skype
2009-11-20 19:03:34 ----D---- C:\Program Files\Roxio
2009-11-20 19:03:33 ----D---- C:\Program Files\RenegadePublicTools
2009-11-20 19:03:20 ----D---- C:\Program Files\Oracle
2009-11-20 19:03:20 ----D---- C:\Program Files\OpenLibraries
2009-11-20 19:03:19 ----D---- C:\Program Files\OpenAL
2009-11-20 19:03:19 ----D---- C:\Program Files\MSBuild
2009-11-20 19:03:19 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-20 19:03:14 ----D---- C:\Program Files\Microsoft.NET
2009-11-20 19:03:14 ----D---- C:\Program Files\Microsoft Works
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-20 19:03:06 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-20 19:03:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-20 19:03:04 ----D---- C:\Program Files\Microsoft Office
2009-11-20 19:02:19 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-11-20 19:02:19 ----D---- C:\Program Files\Microsoft Games
2009-11-20 19:02:18 ----D---- C:\Program Files\Microsoft
2009-11-20 19:02:17 ----D---- C:\Program Files\Lame for Audacity
2009-11-20 19:02:07 ----D---- C:\Program Files\HP
2009-11-20 19:01:43 ----D---- C:\Program Files\Google
2009-11-20 19:01:42 ----D---- C:\Program Files\gmax
2009-11-20 19:01:23 ----D---- C:\Program Files\GIMP-2.0
2009-11-20 19:00:57 ----D---- C:\Program Files\GameSpy
2009-11-20 19:00:57 ----D---- C:\Program Files\Free Mp3WmaOgg Converter
2009-11-20 19:00:57 ----D---- C:\Program Files\Electronic Arts
2009-11-20 18:59:15 ----D---- C:\Program Files\EA Games
2009-11-20 18:58:49 ----D---- C:\Program Files\Dell Inc
2009-11-20 18:58:42 ----D---- C:\Program Files\CyberLink
2009-11-20 18:58:33 ----HD---- C:\Program Files\Creative Installation Information
2009-11-20 18:58:31 ----D---- C:\Program Files\Creative
2009-11-20 18:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-20 18:58:18 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-20 18:58:18 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-11-20 18:58:16 ----D---- C:\Program Files\Common Files\System
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Skype
2009-11-20 18:58:14 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-11-20 18:58:09 ----D---- C:\Program Files\Common Files\Reallusion
2009-11-20 18:58:09 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-11-20 18:58:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-20 18:58:00 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-20 18:57:58 ----D---- C:\Program Files\Common Files\HP
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Deterministic Networks
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Creative
2009-11-20 18:57:57 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-11-20 18:57:55 ----D---- C:\Program Files\Common Files\ArcSoft
2009-11-20 18:57:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-11-20 18:57:34 ----D---- C:\Program Files\Common Files\Adobe
2009-11-20 18:57:31 ----D---- C:\Program Files\Cisco Systems
2009-11-20 18:57:31 ----D---- C:\Program Files\Bonjour
2009-11-20 18:57:29 ----D---- C:\Program Files\Avira
2009-11-20 18:57:29 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-11-20 18:57:23 ----D---- C:\Program Files\Apple Software Update
2009-11-20 18:57:11 ----D---- C:\Program Files\ADS Tech
2009-11-20 18:57:08 ----D---- C:\Program Files\Adobe
2009-11-20 18:56:22 ----D---- C:\Windows\system32\CodeIntegrity
2009-11-20 17:10:32 ----D---- C:\DELL



#11
December 15, 2009 at 14:57:46
Hmm, interestingly enough, it seems that when GMER BSODs it ends the problem, at least for a few days.


#12
December 15, 2009 at 18:42:06
Probably your antivirus or anti-spyware is causing the problem.

Disable Avira, Spyware Terminator, Spybot's TeaTimer and Ad-Aware. This link will help you disable them: Temporarily Disable Protection

Then run GMER and the following program

1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
3. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


4. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
5. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Be sure to re-enable your protection.



#13
December 16, 2009 at 12:18:00
Even disconnected from the internet and after all protection is turned off, GMER still causes a BSOD; it says it tries to rewrite read-only memory.

Here's the TDSSKiller document:

Host Name: THEO-PC
OS Name: Microsoft Windows 7 Home Premium
OS Version: 6.1.7600 N/A Build 7600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Theo
Registered Organization:
Product ID:
Original Install Date: 11/20/2009, 7:58:15 PM
System Boot Time: 12/16/2009, 2:16:00 PM
System Manufacturer: Dell Inc.
System Model: Studio 1555
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 6 Model 23 Stepping 10 GenuineIntel ~2200 Mhz
BIOS Version: Dell Inc. A06, 4/23/2009
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume3
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-06:00) Central Time (US & Canada)
Total Physical Memory: 3,067 MB
Available Physical Memory: 2,055 MB
Virtual Memory: Max Size: 6,132 MB
Virtual Memory: Available: 4,970 MB
Virtual Memory: In Use: 1,162 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\THEO-PC
Hotfix(s): 10 Hotfix(s) Installed.
[01]: KB973525
[02]: KB974332
[03]: KB974431
[04]: KB974455
[05]: KB974571
[06]: KB975364
[07]: KB975467
[08]: KB976098
[09]: KB976325
[10]: KB976749
Network Card(s): 2 NIC(s) Installed.
[01]: Broadcom NetLink (TM) Gigabit Ethernet
Connection Name: Local Area Connection
Status: Media disconnected
[02]: Dell Wireless 1397 WLAN Mini-Card
Connection Name: Wireless Network Connection
Status: Media disconnected
14:19:46:464 5564 ForceUnloadDriver: NtUnloadDriver error 2
14:19:46:464 5564 ForceUnloadDriver: NtUnloadDriver error 2
14:19:46:466 5564 ForceUnloadDriver: NtUnloadDriver error 2
14:19:46:484 5564 main: Driver KLMD successfully dropped
14:19:52:84 5564 main: Driver KLMD successfully loaded
14:19:52:84 5564
Scanning Registry ...
14:19:52:99 5564 ScanServices: Searching service UACd.sys
14:19:52:99 5564 ScanServices: Open/Create key error 2
14:19:52:99 5564 ScanServices: Searching service TDSSserv.sys
14:19:52:99 5564 ScanServices: Open/Create key error 2
14:19:52:99 5564 ScanServices: Searching service gaopdxserv.sys
14:19:52:99 5564 ScanServices: Open/Create key error 2
14:19:52:99 5564 ScanServices: Searching service gxvxcserv.sys
14:19:52:99 5564 ScanServices: Open/Create key error 2
14:19:52:99 5564 ScanServices: Searching service MSIVXserv.sys
14:19:52:99 5564 ScanServices: Open/Create key error 2
14:19:52:101 5564 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82E53000
14:19:52:106 5564 UnhookRegistry: Kernel local addr: 14A0000
14:19:52:119 5564 UnhookRegistry: KeServiceDescriptorTable addr: 16089C0
14:19:52:179 5564 UnhookRegistry: KiServiceTable addr: 150F6F0
14:19:52:181 5564 UnhookRegistry: NtEnumerateKey service number (local): 74
14:19:52:181 5564 UnhookRegistry: NtEnumerateKey local addr: 1705A2F
14:19:52:186 5564 KLMD_OpenDevice: Trying to open KLMD device
14:19:52:189 5564 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
14:19:52:189 5564 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
14:19:52:189 5564 KLMD_ReadMem: Trying to ReadMemory 0x82E942A5[0x4]
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey service number (kernel): 74
14:19:52:189 5564 KLMD_ReadMem: Trying to ReadMemory 0x82EC28C0[0x4]
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey real addr: 830B8A2F
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey calc addr: 830B8A2F
14:19:52:189 5564 UnhookRegistry: No SDT hooks found on NtEnumerateKey
14:19:52:189 5564 KLMD_ReadMem: Trying to ReadMemory 0x830B8A2F[0xA]
14:19:52:189 5564 UnhookRegistry: No splicing found on NtEnumerateKey
14:19:52:194 5564
Scanning Kernel memory ...
14:19:52:194 5564 KLMD_OpenDevice: Trying to open KLMD device
14:19:52:194 5564 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
14:19:52:194 5564 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:19:52:194 5564 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 861B7030
14:19:52:194 5564 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
14:19:52:194 5564 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 861B72E0
14:19:52:194 5564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861B72E0
14:19:52:194 5564 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 860E1030
14:19:52:194 5564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860E1030
14:19:52:194 5564 KLMD_ReadMem: Trying to ReadMemory 0x860E1030[0x38]
14:19:52:194 5564 DetectCureTDL3: DRIVER_OBJECT addr: 85CE2460
14:19:52:194 5564 KLMD_ReadMem: Trying to ReadMemory 0x85CE2460[0xA8]
14:19:52:194 5564 KLMD_ReadMem: Trying to ReadMemory 0x85C8D858[0x208]
14:19:52:196 5564 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:19:52:196 5564 DetectCureTDL3: IrpHandler (0) addr: 8B1E68C4
14:19:52:196 5564 DetectCureTDL3: IrpHandler (1) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (2) addr: 8B1E68C4
14:19:52:196 5564 DetectCureTDL3: IrpHandler (3) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (4) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (5) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (6) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (7) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (8) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (9) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (10) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (11) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (12) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (13) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (14) addr: 8B1D247C
14:19:52:196 5564 DetectCureTDL3: IrpHandler (15) addr: 8B1D244E
14:19:52:196 5564 DetectCureTDL3: IrpHandler (16) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (17) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (18) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (19) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (20) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (21) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (22) addr: 8B1D24AA
14:19:52:196 5564 DetectCureTDL3: IrpHandler (23) addr: 8B1E1DB2
14:19:52:196 5564 DetectCureTDL3: IrpHandler (24) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (25) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (26) addr: 82F04437
14:19:52:196 5564 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:19:52:196 5564 KLMD_ReadMem: DeviceIoControl error 1
14:19:52:196 5564 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:19:52:196 5564 TDL3_FileDetect: Processing driver: atapi
14:19:52:196 5564 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
14:19:52:196 5564 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:19:52:196 5564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:19:52:209 5564
Completed

Results:
14:19:52:209 5564 Infected objects in memory: 0
14:19:52:209 5564 Cured objects in memory: 0
14:19:52:211 5564 Infected objects on disk: 0
14:19:52:211 5564 Objects on disk cured on reboot: 0
14:19:52:211 5564 Objects on disk deleted on reboot: 0
14:19:52:214 5564 Registry nodes deleted on reboot: 0
14:19:52:214 5564


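The verbose log above records the two checks TDSSKiller performed here: for each registry service it compares the live service-table entry ("real addr") with the address it computed from the on-disk kernel image ("calc addr"), and it walks the \Driver\Disk stack down to atapi and dumps that driver's IRP handler table, since TDL3 repointed those handlers into memory it allocated itself. The script below is an added example, not part of this thread and not Kaspersky's code. It parses exactly the line shapes shown in the log and applies those two checks. The HOOKED_LOG excerpt is constructed: the NtEnumerateKey "real addr" and the IrpHandler (14) address were replaced with invented values so a hooked case is visible; CLEAN_LOG is copied from the post's real lines. The module address ranges in DEMO_RANGES are assumptions (TDSSKiller does not log them; on a live box you would take them from a kernel module listing), chosen so the sample addresses fall where the real log implies they do.

```python
"""Triage a TDSSKiller verbose (-v) log for SDT hooks and repointed IRP handlers.
Added example for this thread; not Kaspersky's code."""
import re

# Constructed excerpt: line shapes copied from the real log, two addresses invented.
HOOKED_LOG = """\
14:19:52:101 5564 UnhookRegistry: Kernel module file name: C:\\Windows\\system32\\ntkrnlpa.exe, base addr: 82E53000
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey real addr: 8B2C0140
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey calc addr: 830B8A2F
14:19:52:196 5564 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
14:19:52:196 5564 DetectCureTDL3: IrpHandler (0) addr: 8B1E68C4
14:19:52:196 5564 DetectCureTDL3: IrpHandler (1) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (14) addr: 8B2C0380
14:19:52:196 5564 DetectCureTDL3: IrpHandler (15) addr: 8B1D244E
14:19:52:209 5564 Infected objects in memory: 0
14:19:52:211 5564 Infected objects on disk: 0
"""

# Lines copied verbatim from the log in the post above (no hooks present).
CLEAN_LOG = """\
14:19:52:101 5564 UnhookRegistry: Kernel module file name: C:\\Windows\\system32\\ntkrnlpa.exe, base addr: 82E53000
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey real addr: 830B8A2F
14:19:52:189 5564 UnhookRegistry: NtEnumerateKey calc addr: 830B8A2F
14:19:52:196 5564 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
14:19:52:196 5564 DetectCureTDL3: IrpHandler (1) addr: 82F04437
14:19:52:196 5564 DetectCureTDL3: IrpHandler (14) addr: 8B1D247C
"""

# ASSUMED module ranges (base, size); TDSSKiller does not log these.
DEMO_RANGES = {"ntkrnlpa.exe": (0x82E53000, 0x3F0000), "atapi": (0x8B1D0000, 0x20000)}

KERNEL_RE = re.compile(r"Kernel module file name: (\S+), base addr: ([0-9A-Fa-f]+)")
SDT_RE = re.compile(r"UnhookRegistry: (\w+) (real|calc) addr: ([0-9A-Fa-f]+)")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
RESULT_RE = re.compile(r"(Infected objects (?:in memory|on disk)): (\d+)")


def parse_tdsskiller(text):
    """Pull the checkable facts out of the log into plain Python values."""
    parsed = {"kernel": None, "sdt": {}, "driver": None, "irp": {}, "infected": {}}
    for line in text.splitlines():
        if m := KERNEL_RE.search(line):
            parsed["kernel"] = (m.group(1).rsplit("\\", 1)[-1], int(m.group(2), 16))
        elif m := SDT_RE.search(line):
            parsed["sdt"].setdefault(m.group(1), {})[m.group(2)] = int(m.group(3), 16)
        elif m := DRIVER_RE.search(line):
            parsed["driver"] = m.group(1)
        elif m := IRP_RE.search(line):
            parsed["irp"][int(m.group(1))] = int(m.group(2), 16)
        elif m := RESULT_RE.search(line):
            parsed["infected"][m.group(1)] = int(m.group(2))
    return parsed


def sdt_hooks(parsed):
    """Services whose live table entry differs from the address computed from the
    clean kernel image: the SSDT hook that 'real addr' vs 'calc addr' exposes."""
    return sorted(f for f, a in parsed["sdt"].items()
                  if "real" in a and "calc" in a and a["real"] != a["calc"])


def owner_of(addr, ranges):
    """Name of the module whose range contains `addr`, or None."""
    for name, (base, size) in ranges.items():
        if base <= addr < base + size:
            return name
    return None


def irp_outliers(parsed, ranges):
    """IRP handlers that resolve to neither the kernel nor the owning driver.
    Unset majors legitimately point into the kernel (the slots sharing one
    address in the log); TDL3's repointed handlers land in neither range."""
    kernel_name = parsed["kernel"][0] if parsed["kernel"] else None
    allowed = {kernel_name, parsed["driver"]}
    return {major: addr for major, addr in parsed["irp"].items()
            if owner_of(addr, ranges) not in allowed}


def findings(text, ranges):
    """Triage lines for an analyst; an empty list means nothing stood out."""
    p = parse_tdsskiller(text)
    out = [f"SDT hook on {f}" for f in sdt_hooks(p)]
    out += [f"IRP major {m} of {p['driver']} -> {hex(a)} outside kernel/driver"
            for m, a in sorted(irp_outliers(p, ranges).items())]
    out += [f"{k}: {v}" for k, v in p["infected"].items() if v]
    return out


if __name__ == "__main__":
    for label, log in (("hooked sample", HOOKED_LOG), ("clean sample", CLEAN_LOG)):
        print(label, findings(log, DEMO_RANGES) or ["nothing flagged"])
```

Run against the real log this flags nothing, which matches the "Infected objects: 0" summary; the IRP check is only as good as the module ranges you feed it, so on a real case pair it with the driver-file hashing that the next reply asks for.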

#14
December 16, 2009 at 19:36:16
Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor*.sys /s /md5
%SYSTEMDRIVE%\atapi* /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
%SYSTEMDRIVE%\iastorv.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
%SYSTEMDRIVE%\eNetHook.dll /s /md5


Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Post the contents of that Notepad document in your next reply.


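The /s /md5 entries in the custom scan above ask OTL to find every copy of each listed storage driver on the system drive and hash it. The reason is that TDL3 patches the driver Windows actually loads (here atapi.sys under system32\drivers, the file TDSSKiller's TDL3_FileDetect pass opened) while the DriverStore and winsxs copies keep the original bytes, so a driver whose copies do not all hash the same is the one to look at. The script below is an added example, not OTL's code and not part of this thread: it does that walk and comparison over a constructed directory tree built in a temp folder (the file contents are invented stand-ins, not real driver bytes), so it runs offline; point hash_driver_copies at a real volume root to use it for real.

```python
"""Hash every copy of the listed storage drivers under a volume and flag the
drivers whose copies disagree. Added example for this thread; not OTL's code."""
import fnmatch
import hashlib
import os
import tempfile
from collections import defaultdict

# Names taken from the OTL custom-scan list in the post above; the wildcard
# forms match the way OTL's own "atapi*" and "nvstor*.sys" entries do.
STORAGE_DRIVERS = ["atapi*", "iaStor.sys", "iastorv.sys", "nvstor*.sys",
                   "IdeChnDr.sys", "viasraid.sys", "AGP440.sys"]


def file_hashes(path, chunk=1 << 20):
    """Return (md5, sha256) of a file. MD5 is what OTL prints and is enough to
    ask 'are these two copies byte-identical'; use the SHA-256 when comparing
    against a vendor-published hash."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def hash_driver_copies(root, patterns=STORAGE_DRIVERS):
    """Walk `root` recursively (OTL's /s switch) and group every matching file
    as {driver_name: {sha256: [paths]}}. Case-insensitive, as NTFS is."""
    copies = defaultdict(lambda: defaultdict(list))
    lowered = [p.lower() for p in patterns]
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in lowered):
                full = os.path.join(dirpath, name)
                _md5, sha = file_hashes(full)
                copies[name.lower()][sha].append(full)
    return copies


def divergent_drivers(copies):
    """Driver names whose copies do not all share one hash."""
    return sorted(n for n, by_hash in copies.items() if len(by_hash) > 1)


def loaded_copy(copies, name):
    """The copy Windows actually loads is the one under system32\\drivers. A
    TDL3 infection patches that copy and leaves the DriverStore and winsxs
    copies untouched, so this is the file to pull for comparison."""
    for paths in copies.get(name.lower(), {}).values():
        for p in paths:
            parts = [s.lower() for s in p.replace("\\", "/").split("/")]
            if parts[-3:-1] == ["system32", "drivers"]:
                return p
    return None


def report(root):
    """Map each divergent driver to the copy that should be examined."""
    copies = hash_driver_copies(root)
    return {name: loaded_copy(copies, name) for name in divergent_drivers(copies)}


def build_demo_volume():
    """Constructed sample tree standing in for C:. These are not real driver
    bytes; the 'live' atapi.sys has extra bytes appended to mimic a patch."""
    root = tempfile.mkdtemp(prefix="demo_volume_")
    clean_atapi = b"MZ-demo-atapi" + b"\x90" * 64
    files = {
        "Windows/System32/drivers/atapi.sys": clean_atapi + b"HOOK",
        "Windows/System32/DriverStore/FileRepository/mshdc.inf_x86_demo/atapi.sys": clean_atapi,
        "Windows/winsxs/x86_mshdc.inf_demo/atapi.sys": clean_atapi,
        "Windows/System32/drivers/iastorv.sys": b"MZ-demo-iastorv",
        "Windows/System32/DriverStore/FileRepository/iastorv.inf_x86_demo/iastorv.sys": b"MZ-demo-iastorv",
        "Windows/System32/drivers/nvstor32.sys": b"MZ-demo-nvstor",
        "Windows/System32/drivers/disk.sys": b"MZ-demo-disk",  # not on the list
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, path in report(build_demo_volume()).items():
        print(f"{name}: copies disagree; live copy is {path}")
```

A match between all copies does not prove the driver is clean (an infection that also rewrote the backup copies would pass), and a mismatch can be a legitimate hotfix that updated only the live file, so treat the output as a shortlist for comparing the live file against a known-good copy, not as a verdict.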

#15
December 17, 2009 at 12:31:10
OTL logfile created on: 12/17/2009 2:21:42 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Theo\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 120.16 Gb Free Space | 55.07% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.59 Gb Free Space | 58.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEO-PC
Current User Name: Theo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/17 14:08:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
PRC - [2009/11/13 16:15:00 | 01,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/31 14:30:53 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/25 14:43:17 | 02,171,904 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/08/25 14:43:17 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/08/25 14:24:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/08/07 12:35:04 | 02,930,768 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/31 15:22:53 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/07/25 07:20:20 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/29 11:44:38 | 00,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/29 11:44:38 | 00,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
PRC - [2009/06/25 18:48:44 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/06/25 18:48:16 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 14:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/02 12:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/27 14:10:16 | 01,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/13 10:28:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/12/18 12:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/30 07:30:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/11/30 07:30:42 | 01,422,632 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/11/11 10:07:00 | 00,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/08/20 10:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/03/25 20:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/09/28 03:20:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/17 14:08:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
MOD - [2009/08/07 12:33:36 | 00,086,096 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/11/18 21:43:32 | 00,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/25 14:43:17 | 00,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/08/25 14:24:48 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/07/31 15:22:53 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/25 07:20:20 | 00,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/29 11:44:38 | 00,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)
SRV - [2009/06/25 18:48:16 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/02 12:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/13 10:28:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/12/18 12:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/24 06:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/28 03:20:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/12/07 14:29:07 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/25 14:43:17 | 00,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/07/13 19:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 19:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 17:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:23 | 00,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 17:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 17:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/07/13 16:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 01,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 16:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 14:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/29 11:44:38 | 00,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/25 19:23:46 | 04,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 08:28:12 | 00,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/06 16:03:00 | 00,274,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2009/04/06 13:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/06 06:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/13 10:27:38 | 00,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/30 07:30:40 | 00,204,464 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/28 09:48:04 | 00,135,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/09/15 11:11:02 | 00,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/09/15 11:11:00 | 00,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/09/15 11:10:56 | 00,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/05/08 15:58:58 | 00,277,888 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\A193_ADS.sys -- (A193_ADS)
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/09 09:50:34 | 00,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2006/11/10 14:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=2tgmaqphrommm|http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/20 19:01:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/20 20:22:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 14:01:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 14:01:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/20 20:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/11/20 19:28:23 | 00,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mozilla\Extensions
[2009/09/14 20:51:32 | 00,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2009/12/17 02:29:54 | 00,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions
[2009/11/20 19:28:24 | 00,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\anycolor.pavlos256@gmail.com
[2009/12/17 02:29:47 | 00,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\isreaditlater@ideashower.com
[2009/12/17 02:29:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/31 21:25:09 | 00,002,400 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekservice115.xml
[2009/08/10 07:59:25 | 00,002,400 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekservice117.xml
[2009/08/14 20:37:22 | 00,002,400 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekservice119.xml
[2009/08/26 09:18:26 | 00,002,400 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekservice121.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

#16
December 17, 2009 at 12:31:16
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/sof... (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.104.254.254 144.92.254.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 20:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/17 14:08:55 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
[2009/12/17 03:02:49 | 00,000,000 | ---D | C] -- C:\Users\Theo\.thumbnails
[2009/12/16 14:14:45 | 00,134,408 | ---- | C] (Kaspersky Lab) -- C:\Users\Theo\Desktop\TDSSKiller.exe
[2009/12/13 14:26:21 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Adobe
[2009/12/11 20:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\VideoSlurp
[2009/12/11 19:58:46 | 00,086,683 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2009/12/11 19:58:43 | 00,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor
[2009/12/11 19:55:00 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Apple
[2009/12/11 18:59:14 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/11 18:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/11 18:45:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/11 18:43:41 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Apple Computer
[2009/12/10 11:33:25 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/10 11:33:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/10 11:33:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/10 11:10:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/08 21:57:12 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/06 15:23:27 | 00,000,000 | ---D | C] -- C:\Users\Theo\.gimp-2.6
[2009/12/06 15:23:24 | 00,000,000 | ---D | C] -- C:\Users\Theo\.gegl-0.0
[2009/12/02 18:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/25 22:21:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 22:21:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/23 14:57:53 | 00,000,000 | ---D | C] -- C:\Users\Theo\Documents\ArcSoft ToGo
[2009/11/22 14:57:13 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\ElevatedDiagnostics
[2009/11/21 20:10:37 | 00,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2009/11/21 20:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2009/11/21 20:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2009/11/21 16:47:08 | 00,000,000 | ---D | C] -- C:\Users\Theo\Documents\OneNote Notebooks
[2009/11/21 14:09:24 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/21 03:09:06 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/11/21 03:09:06 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/11/21 03:09:05 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/21 03:09:05 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/11/21 03:09:05 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/11/21 03:09:05 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/11/21 03:09:05 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/11/21 03:09:05 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/11/20 22:24:32 | 00,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2009/11/20 22:24:32 | 00,099,856 | ---- | C] (ATI Research Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys
[2009/11/20 22:24:31 | 00,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2009/11/20 22:24:31 | 00,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2009/11/20 22:24:29 | 11,651,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2009/11/20 22:24:29 | 00,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2009/11/20 22:24:29 | 00,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2009/11/20 22:24:29 | 00,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2009/11/20 22:24:28 | 04,993,536 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2009/11/20 22:24:28 | 03,264,512 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2009/11/20 22:24:28 | 00,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2009/11/20 22:24:28 | 00,348,160 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2009/11/20 22:24:28 | 00,184,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2009/11/20 22:24:28 | 00,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2009/11/20 22:24:28 | 00,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2009/11/20 22:24:28 | 00,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2009/11/20 22:24:28 | 00,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2009/11/20 22:24:28 | 00,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2009/11/20 21:00:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/11/20 20:45:21 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/11/20 20:36:13 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/11/20 20:36:13 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/11/20 20:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/20 20:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/20 20:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/20 20:32:45 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/11/20 20:23:28 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\HPAppData
[2009/11/20 20:21:26 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/11/20 20:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Video Chat
[2009/11/20 20:18:00 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\SupportSoft
[2009/11/20 20:17:10 | 00,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2009/11/20 20:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2009/11/20 20:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2009/11/20 20:14:51 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/11/20 20:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2009/11/20 20:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/11/20 20:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2009/11/20 20:07:53 | 00,485,888 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2009/11/20 20:04:47 | 00,511,488 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\ctapo32.dll
[2009/11/20 20:04:47 | 00,368,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2009/11/20 20:04:47 | 00,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2009/11/20 20:04:47 | 00,061,440 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2009/11/20 20:04:46 | 12,021,852 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2009/11/20 20:04:46 | 03,600,384 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2009/11/20 20:04:46 | 00,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2009/11/20 20:04:46 | 00,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\ctppld.dll
[2009/11/20 20:03:41 | 00,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st326217.dll
[2009/11/20 19:58:12 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/11/20 18:55:18 | 00,000,000 | --SD | C] -- C:\Users\Theo\AppData\Roaming\Microsoft
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Videos
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Saved Games
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Pictures
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Music
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Links
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Favorites
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Downloads
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Documents
[2009/11/20 18:55:18 | 00,000,000 | R--D | C] -- C:\Users\Theo\Desktop
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\AppData\Local\Temporary Internet Files
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Templates
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Start Menu
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\SendTo
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Recent
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\PrintHood
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\NetHood
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Documents\My Videos
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Documents\My Pictures
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Documents\My Music
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\My Documents
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Local Settings
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\AppData\Local\History
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Cookies
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\Application Data
[2009/11/20 18:55:18 | 00,000,000 | -HSD | C] -- C:\Users\Theo\AppData\Local\Application Data
[2009/11/20 18:55:18 | 00,000,000 | -H-D | C] -- C:\Users\Theo\AppData
[2009/11/20 18:55:18 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Temp
[2009/11/20 18:55:18 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Microsoft
[2009/11/20 18:55:18 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Media Center Programs
[2009/11/20 18:53:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/11/20 18:53:31 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/11/20 18:50:13 | 00,914,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2009/11/20 18:50:13 | 00,408,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2009/11/20 18:50:13 | 00,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2009/11/20 18:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\IDT
[2009/11/20 18:50:10 | 00,086,016 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AESTCom.dll
[2009/11/20 18:50:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2009/11/20 18:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/11/20 18:47:47 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/11/20 16:46:07 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\DellWin7Upgrade
[2009/11/19 15:24:43 | 00,000,000 | ---D | C] -- C:\Fraps
[2009/11/19 00:43:56 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Screaming Bee
[2009/11/18 20:39:13 | 00,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\MicroVision Applications
[2009/11/17 23:00:48 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/17 14:23:24 | 04,718,592 | -HS- | M] () -- C:\Users\Theo\NTUSER.DAT
[2009/12/17 14:14:49 | 00,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 14:14:48 | 00,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/17 14:08:56 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
[2009/12/17 14:06:20 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/17 14:06:20 | 00,000,310 | -HS- | M] () -- C:\Windows\tasks\Efqpjjfs.job
[2009/12/17 14:06:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/17 14:06:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/17 14:06:07 | 24,118,76352 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/17 03:19:13 | 02,944,705 | -H-- | M] () -- C:\Users\Theo\AppData\Local\IconCache.db
[2009/12/17 03:12:41 | 00,002,087 | ---- | M] () -- C:\Users\Theo\.recently-used.xbel
[2009/12/17 02:36:00 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/16 14:16:11 | 29,082,0406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/13 22:32:33 | 00,028,160 | ---- | M] () -- C:\Users\Theo\Documents\Spanish Presentation Act 2.doc
[2009/12/13 13:37:11 | 00,752,744 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/13 13:37:11 | 00,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/13 13:37:11 | 00,114,520 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/11 18:55:48 | 00,292,864 | ---- | M] () -- C:\Users\Theo\Desktop\qt9zhpzl.exe
[2009/12/11 18:45:04 | 00,781,909 | ---- | M] () -- C:\Users\Theo\Desktop\RSIT.exe
[2009/12/10 11:20:45 | 00,007,597 | ---- | M] () -- C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
[2009/12/09 21:18:08 | 00,108,032 | RHS- | M] () -- C:\Windows\System32\p2pcollabe.dll
[2009/12/07 14:29:07 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/05 17:37:40 | 00,134,408 | ---- | M] (Kaspersky Lab) -- C:\Users\Theo\Desktop\TDSSKiller.exe
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/27 12:16:35 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/24 14:44:07 | 00,023,877 | -HS- | M] () -- C:\Users\Theo\Documents\Folder.jpg
[2009/11/24 14:44:07 | 00,023,877 | -HS- | M] () -- C:\Users\Theo\Documents\AlbumArt_{60475C3F-2B00-473E-A051-C82A098A85A3}_Large.jpg
[2009/11/24 14:44:07 | 00,005,561 | -HS- | M] () -- C:\Users\Theo\Documents\AlbumArtSmall.jpg
[2009/11/24 14:44:07 | 00,005,561 | -HS- | M] () -- C:\Users\Theo\Documents\AlbumArt_{60475C3F-2B00-473E-A051-C82A098A85A3}_Small.jpg
[2009/11/23 19:06:23 | 00,013,632 | ---- | M] () -- C:\Users\Theo\Documents\Outline- spanish composition.docx
[2009/11/21 16:47:08 | 00,000,254 | ---- | M] () -- C:\Windows\win.ini
[2009/11/21 13:46:08 | 00,466,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/20 20:45:07 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/11/20 20:31:51 | 00,019,498 | ---- | M] () -- C:\Windows\hpqins13.dat
[2009/11/20 20:23:11 | 00,023,124 | ---- | M] () -- C:\Windows\hpqins15.dat
[2009/11/20 20:19:42 | 00,000,419 | ---- | M] () -- C:\Users\Theo\AppData\Local\Win7_Upgrade.bat
[2009/11/20 20:18:54 | 00,002,434 | ---- | M] () -- C:\Users\Theo\AppData\Local\Win7_tmp1.htm
[2009/11/20 20:11:48 | 00,000,075 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2009/11/20 19:59:21 | 00,133,504 | ---- | M] () -- C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/20 19:58:27 | 00,000,020 | -HS- | M] () -- C:\Users\Theo\ntuser.ini
[2009/11/20 19:58:25 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/20 19:51:40 | 00,039,252 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/11/20 19:41:42 | 00,021,924 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/20 18:55:21 | 00,524,288 | -HS- | M] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 18:55:21 | 00,524,288 | -HS- | M] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 18:55:21 | 00,065,536 | -HS- | M] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/20 18:49:51 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2009/11/20 18:49:41 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/11/20 18:17:36 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:17:35 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 17:30:45 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/11/20 17:30:45 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/11/20 17:30:01 | 00,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/19 01:22:46 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/19 00:20:32 | 00,039,936 | ---- | M] () -- C:\Users\Theo\Documents\amnesia script.doc
[2009/11/18 23:31:25 | 00,300,111 | ---- | M] () -- C:\Users\Theo\Documents\Infernal Glitch thingie.m4v
[2009/11/18 21:07:54 | 00,012,691 | ---- | M] () -- C:\Users\Theo\Documents\BSA scholarship essays Dad comments.docx
[2009/11/18 21:07:54 | 00,000,162 | -H-- | M] () -- C:\Users\Theo\Documents\~$A scholarship essays Dad comments.docx
[2009/11/17 23:00:48 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/17 03:12:41 | 00,002,087 | ---- | C] () -- C:\Users\Theo\.recently-used.xbel
[2009/12/13 22:32:33 | 00,028,160 | ---- | C] () -- C:\Users\Theo\Documents\Spanish Presentation Act 2.doc
[2009/12/11 18:55:47 | 00,292,864 | ---- | C] () -- C:\Users\Theo\Desktop\qt9zhpzl.exe
[2009/12/11 18:45:03 | 00,781,909 | ---- | C] () -- C:\Users\Theo\Desktop\RSIT.exe
[2009/12/09 21:18:09 | 00,000,310 | -HS- | C] () -- C:\Windows\tasks\Efqpjjfs.job
[2009/12/09 21:18:08 | 00,108,032 | RHS- | C] () -- C:\Windows\System32\p2pcollabe.dll
[2009/11/27 12:16:35 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/24 14:44:07 | 00,023,877 | -HS- | C] () -- C:\Users\Theo\Documents\AlbumArt_{60475C3F-2B00-473E-A051-C82A098A85A3}_Large.jpg
[2009/11/24 14:44:07 | 00,005,561 | -HS- | C] () -- C:\Users\Theo\Documents\AlbumArt_{60475C3F-2B00-473E-A051-C82A098A85A3}_Small.jpg
[2009/11/24 14:34:12 | 00,023,877 | -HS- | C] () -- C:\Users\Theo\Documents\Folder.jpg
[2009/11/24 14:34:12 | 00,005,561 | -HS- | C] () -- C:\Users\Theo\Documents\AlbumArtSmall.jpg
[2009/11/23 19:06:23 | 00,013,632 | ---- | C] () -- C:\Users\Theo\Documents\Outline- spanish composition.docx
[2009/11/20 20:30:59 | 00,007,597 | ---- | C] () -- C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
[2009/11/20 20:27:41 | 00,019,498 | ---- | C] () -- C:\Windows\hpqins13.dat
[2009/11/20 20:21:50 | 00,023,124 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/11/20 20:21:50 | 00,000,716 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/20 20:19:42 | 00,000,419 | ---- | C] () -- C:\Users\Theo\AppData\Local\Win7_Upgrade.bat
[2009/11/20 20:01:59 | 00,002,434 | ---- | C] () -- C:\Users\Theo\AppData\Local\Win7_tmp1.htm
[2009/11/20 19:58:27 | 00,000,020 | -HS- | C] () -- C:\Users\Theo\ntuser.ini
[2009/11/20 19:58:25 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/20 19:53:22 | 24,118,76352 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/20 19:41:42 | 00,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/20 18:55:18 | 04,718,592 | -HS- | C] () -- C:\Users\Theo\NTUSER.DAT
[2009/11/20 18:55:18 | 00,524,288 | -HS- | C] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 18:55:18 | 00,524,288 | -HS- | C] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 18:55:18 | 00,065,536 | -HS- | C] () -- C:\Users\Theo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/20 18:50:01 | 00,010,896 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:50:01 | 00,010,896 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 18:49:51 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/20 18:49:41 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/11/20 18:15:37 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/11/20 17:12:39 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/11/20 17:12:39 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/11/19 00:20:32 | 00,039,936 | ---- | C] () -- C:\Users\Theo\Documents\amnesia script.doc
[2009/11/18 23:31:22 | 00,300,111 | ---- | C] () -- C:\Users\Theo\Documents\Infernal Glitch thingie.m4v
[2009/11/18 21:07:54 | 00,000,162 | -H-- | C] () -- C:\Users\Theo\Documents\~$A scholarship essays Dad comments.docx
[2009/11/18 21:07:47 | 00,012,691 | ---- | C] () -- C:\Users\Theo\Documents\BSA scholarship essays Dad comments.docx
[2009/09/16 20:51:24 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 12:21:05 | 00,118,784 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009/08/25 14:43:17 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 21:22:44 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/07/24 18:26:53 | 00,000,035 | ---- | C] () -- C:\Windows\worldbuilder.INI
[2009/07/23 21:16:48 | 00,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/23 21:16:48 | 00,022,328 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\PnkBstrK.sys
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/01/13 10:29:00 | 00,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color]
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[color=#A23BEC]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color]
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

[color=#A23BEC]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color]
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvstor*.sys /s /md5 >[/color]
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[color=#A23BEC]< %SYSTEMDRIVE%\atapi* /s /md5 >[/color]
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color]
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 19:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\viamraid.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvata.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvgts.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\iastorv.sys /s /md5 >[/color]
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[color=#A23BEC]< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\eNetHook.dll /s /md5 >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

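The OTL `/md5` custom scan in the log above lists the same driver file as found in System32\drivers, the DriverStore and winsxs, so their hashes can be compared. As an added example (not part of this thread, and not OTL's own code), here is a small Python parser that reads such output and flags any driver whose copies do not all share one MD5; the atapi.sys lines are copied from the log above, while the `example.sys` lines, paths and hashes are constructed to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# One OTL "/md5" result line, e.g.
# [2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C... -- C:\Windows\System32\drivers\atapi.sys
OTL_LINE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Constructed sample: atapi.sys lines are from the posted log (all three copies agree);
# example.sys is a made-up driver whose in-use copy differs from the two pristine copies.
SAMPLE_LOG = r"""
[color=#A23BEC]< %SYSTEMDRIVE%\atapi* /s /md5 >[/color]
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< %SYSTEMDRIVE%\example* /s /md5 >[/color]
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\example.sys
[2009/07/13 19:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\DriverStore\FileRepository\example.inf_x86_neutral_0000000000000000\example.sys
[2009/07/13 19:20:44 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\x86_example.inf_0000000000000000\example.sys
"""


def parse_otl_md5(text):
    """Parse every file line of an OTL /md5 scan; header, [color] and '*.tmp' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["md5"] = d["md5"].upper()
        # Windows paths are case-insensitive (the log shows iaStorV.sys and iastorv.sys)
        d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
        entries.append(d)
    return entries


def find_mismatches(entries):
    """Group copies by file name; return {name: {md5: [paths]}} for names with more than one hash."""
    by_name = defaultdict(lambda: defaultdict(list))
    for e in entries:
        by_name[e["name"]][e["md5"]].append(e["path"])
    return {name: dict(hashes) for name, hashes in by_name.items() if len(hashes) > 1}


def suspect_paths(entries):
    """Within each mismatching group, the copies carrying the minority hash are the suspects
    (on a tie every copy is listed). Returns a sorted list of paths."""
    suspects = []
    for hashes in find_mismatches(entries).values():
        smallest = min(len(paths) for paths in hashes.values())
        for paths in hashes.values():
            if len(paths) == smallest:
                suspects.extend(paths)
    return sorted(suspects)


def report_lines(text):
    """Human-readable summary, one line per suspect copy."""
    entries = parse_otl_md5(text)
    lines = [f"parsed {len(entries)} file entries"]
    for name, hashes in sorted(find_mismatches(entries).items()):
        lines.append(f"{name}: {len(hashes)} different hashes across {sum(map(len, hashes.values()))} copies")
    for path in suspect_paths(entries):
        lines.append(f"  suspect copy: {path}")
    if len(lines) == 1:
        lines.append("all copies of every file share one hash")
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_LOG)))
```

A matching hash across all three locations (as with atapi.sys here) does not by itself prove the file is clean, only that the in-use copy has not been altered relative to the installation copies.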

#17
December 17, 2009 at 18:59:57
Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked ( I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.



#18
December 20, 2009 at 15:34:26
It found nothing:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=894694796eb0a84893cfd1094e7699e8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-20 11:36:52
# local_time=2009-12-20 05:36:52 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 357141 357141 0 0
# compatibility_mode=1797 16775165 100 100 0 37677668 0 0
# compatibility_mode=5893 16776573 100 94 184918 12893219 0 0
# compatibility_mode=7937 16777213 100 100 0 11653880 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=172061
# found=0
# cleaned=0
# scan_time=3784


#19
December 20, 2009 at 16:07:28
Navigate to and delete this file if found:


C:\Windows\tasks\Efqpjjfs.job

Remember, your Avira antivirus, Windows Defender, Spyware Terminator and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, change combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#20
December 20, 2009 at 16:35:56
I did not find the file there.

ComboFix 09-12-19.04 - Theo 12/20/2009 18:24:17.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3067.2001 [GMT -6:00]
Running from: c:\users\Theo\Desktop\Combo-Fix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3674275196-973046703-3687896311-500
c:\windows\system32\oem7.inf
c:\windows\system32\st326217.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 00:29 . 2009-12-21 00:30 -------- d-----w- c:\users\Theo\AppData\Local\temp
2009-12-21 00:29 . 2009-12-21 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-20 22:32 . 2009-12-20 22:32 -------- d-----w- c:\program files\ESET
2009-12-20 02:02 . 2009-12-20 02:02 103736 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A8EECCEB-2311-B9C3-8BAC-F09282D1C012}-hl2.exe
2009-12-17 23:11 . 2009-12-17 23:11 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-17 23:10 . 2009-12-17 23:14 -------- d-----w- c:\programdata\NOS
2009-12-17 23:10 . 2009-12-17 23:10 -------- d-----w- c:\program files\NOS
2009-12-17 23:10 . 2009-12-10 17:04 31936 ----a-w- c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-17 23:10 . 2009-12-10 17:04 29344 ----a-w- c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-17 09:02 . 2009-12-17 09:02 -------- d-----w- c:\users\Theo\.thumbnails
2009-12-13 20:26 . 2009-12-13 20:30 -------- d-----w- c:\users\Theo\AppData\Local\Adobe
2009-12-12 02:10 . 2009-12-12 02:10 -------- d-----w- c:\program files\VideoSlurp
2009-12-12 01:58 . 2007-05-13 18:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-12 01:58 . 2009-12-12 01:58 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-12 01:55 . 2009-12-12 01:55 -------- d-----w- c:\users\Theo\AppData\Local\Apple
2009-12-12 00:45 . 2009-12-15 20:21 -------- d-----w- c:\program files\trend micro
2009-12-12 00:45 . 2009-12-12 00:45 -------- d-----w- C:\rsit
2009-12-12 00:43 . 2009-12-12 00:43 -------- d-----w- c:\users\Theo\AppData\Local\Apple Computer
2009-12-10 17:10 . 2009-12-12 02:03 -------- d-----w- c:\programdata\Lavasoft
2009-12-10 03:18 . 2009-12-10 03:18 108032 --sha-r- c:\windows\system32\p2pcollabe.dll
2009-12-06 21:23 . 2009-12-17 09:12 -------- d-----w- c:\users\Theo\.gimp-2.6
2009-12-06 21:23 . 2009-12-06 21:23 -------- d-----w- c:\users\Theo\.gegl-0.0
2009-12-03 00:53 . 2009-12-03 00:53 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-26 04:21 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-26 04:21 . 2009-11-26 04:21 -------- d-----w- c:\program files\MSXML 4.0
2009-11-22 20:57 . 2009-11-22 20:57 -------- d-----w- c:\users\Theo\AppData\Local\ElevatedDiagnostics
2009-11-22 02:10 . 2009-11-22 02:10 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2009-11-22 02:10 . 2009-11-22 02:10 -------- d-----w- c:\programdata\eSellerate
2009-11-22 02:10 . 2009-11-22 02:10 -------- d-----w- c:\program files\Common Files\eSellerate
2009-11-22 02:10 . 2009-11-22 02:31 -------- d-----w- c:\program files\NewBlue
2009-11-21 20:09 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-21 09:14 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-21 09:09 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-21 09:09 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-21 09:09 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-21 09:09 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-11-21 09:09 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-21 09:09 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-21 09:09 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-21 09:09 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-21 09:09 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-21 09:09 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-21 04:25 . 2009-11-21 04:25 10134 ----a-r- c:\users\Theo\AppData\Roaming\Microsoft\Installer\{86C527CC-4AF2-903C-7BFF-5975272CC645}\ARPPRODUCTICON.exe
2009-11-21 03:00 . 2009-11-21 03:00 -------- d-----w- c:\program files\Common Files\Steam
2009-11-21 02:45 . 2009-11-21 01:58 -------- d-----w- c:\windows\Panther
2009-11-21 02:36 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-21 02:36 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-21 02:35 . 2009-11-21 02:35 -------- d-----w- c:\program files\iTunes
2009-11-21 02:35 . 2009-11-21 02:35 -------- d-----w- c:\program files\iPod
2009-11-21 02:32 . 2009-11-21 02:34 -------- d-----w- c:\program files\QuickTime
2009-11-21 02:32 . 2009-11-21 01:43 -------- d-----w- C:\$WINDOWS.~Q
2009-11-21 02:27 . 2009-11-21 02:31 19498 ----a-w- c:\windows\hpqins13.dat
2009-11-21 02:23 . 2009-12-21 00:21 -------- d-----w- c:\users\Theo\AppData\Roaming\HPAppData
2009-11-21 02:21 . 2009-11-21 02:23 23124 ----a-w- c:\windows\hpqins15.dat
2009-11-21 02:21 . 2009-11-21 02:26 -------- d-----w- C:\$INPLACE.~TR
2009-11-21 02:19 . 2009-11-21 02:19 419 ----a-w- c:\users\Theo\AppData\Local\Win7_Upgrade.bat
2009-11-21 02:18 . 2009-11-21 02:18 -------- d-----w- c:\program files\Dell Video Chat
2009-11-21 02:18 . 2009-11-21 02:18 -------- d-----w- c:\users\Theo\AppData\Local\SupportSoft
2009-11-21 02:17 . 2009-11-21 02:17 -------- d-----w- c:\programdata\SupportSoft
2009-11-21 02:15 . 2009-11-21 02:16 -------- d-----w- c:\program files\Dell Support Center
2009-11-21 02:15 . 2009-11-21 02:15 -------- d-----w- c:\program files\Common Files\supportsoft
2009-11-21 02:14 . 2009-11-21 02:14 -------- d-----w- c:\programdata\ATI
2009-11-21 02:12 . 2009-11-21 02:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-21 02:12 . 2009-11-21 02:12 -------- d-----w- c:\program files\ATI
2009-11-21 02:10 . 2009-11-21 02:10 -------- d-----w- c:\program files\Creative Live! Cam
2009-11-21 02:07 . 2009-06-29 17:44 485888 ------w- c:\windows\system32\stapi32.dll
2009-11-21 02:04 . 2009-05-12 19:25 511488 ----a-w- c:\windows\system32\ctapo32.dll
2009-11-21 02:04 . 2009-03-02 17:57 142848 ----a-w- c:\windows\system32\aestacap.dll
2009-11-21 02:04 . 2009-03-02 17:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2009-11-21 02:04 . 2009-03-02 17:08 368640 ----a-w- c:\windows\system32\aestecap.dll
2009-11-21 02:04 . 2009-06-29 17:44 536576 ----a-w- c:\windows\system32\idtmini1.exe
2009-11-21 02:04 . 2009-06-29 17:44 3600384 ----a-w- c:\windows\system32\stlang.dll
2009-11-21 02:04 . 2009-05-12 19:26 47104 ----a-w- c:\windows\system32\ctppld.dll
2009-11-21 02:00 . 2009-12-13 19:37 -------- d-----w- c:\windows\system32\wbem\Performance
2009-11-21 01:59 . 2009-11-21 01:59 133504 ----a-w- c:\users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 01:58 . 2009-11-21 01:58 -------- d-----w- C:\Recovery
2009-11-21 01:41 . 2009-11-21 01:41 21924 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 01:33 . 2009-11-21 01:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-11-21 00:53 . 2009-11-21 00:53 -------- d-----w- c:\windows\system32\URTTEMP
2009-11-21 00:53 . 2009-12-12 02:03 -------- d-sh--w- c:\windows\Installer
2009-11-21 00:50 . 2009-11-21 02:08 -------- d-----w- c:\program files\IDT
2009-11-21 00:50 . 2009-06-29 17:44 914944 ----a-w- c:\windows\system32\stapo.dll
2009-11-21 00:50 . 2009-06-29 17:44 408576 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-11-21 00:50 . 2009-06-29 17:44 405504 ----a-w- c:\windows\system32\stcplx.dll
2009-11-21 00:50 . 2009-03-02 17:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2009-11-21 00:50 . 2009-11-21 00:50 -------- d-----w- c:\windows\system32\SRSLabs
2009-11-21 00:49 . 2009-11-21 00:49 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-21 00:49 . 2009-11-21 00:49 -------- d-----w- c:\program files\Synaptics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 00:23 . 2009-07-25 00:57 -------- d-----w- c:\users\Theo\AppData\Roaming\Skype
2009-12-20 22:07 . 2009-07-25 01:10 -------- d-----w- c:\users\Theo\AppData\Roaming\skypePM
2009-12-20 00:50 . 2009-08-25 20:43 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-20 00:50 . 2009-07-09 12:01 -------- d-----w- c:\programdata\McAfee
2009-12-18 07:13 . 2009-10-06 03:58 -------- d-----w- c:\users\Theo\AppData\Roaming\Audacity
2009-12-17 09:12 . 2009-08-06 22:13 -------- d-----w- c:\users\Theo\AppData\Roaming\gtk-2.0
2009-12-16 20:23 . 2009-08-25 20:43 -------- d-----w- c:\users\Theo\AppData\Roaming\Spyware Terminator
2009-12-12 01:00 . 2009-08-25 20:43 -------- d-----w- c:\program files\Spyware Terminator
2009-12-10 17:33 . 2009-07-09 11:25 -------- d-----w- c:\program files\Java
2009-12-10 06:16 . 2009-08-25 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 06:16 . 2009-10-19 04:57 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-10 02:58 . 2009-07-25 01:26 -------- d-----w- c:\users\Theo\AppData\Roaming\uTorrent
2009-12-09 06:34 . 2009-07-09 11:52 -------- d-----w- c:\programdata\Microsoft Help
2009-12-07 20:29 . 2009-08-25 21:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 22:14 . 2009-08-25 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-08-25 20:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 00:53 . 2009-07-09 11:39 -------- d-----w- c:\program files\Dell DataSafe Online
2009-11-27 18:16 . 2009-11-27 18:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-23 03:04 . 2009-08-29 06:10 -------- d-----w- c:\users\Theo\AppData\Roaming\HpUpdate
2009-11-22 02:30 . 2009-09-13 02:16 -------- d-----w- c:\program files\Vstplugins
2009-11-21 05:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2009-11-21 03:03 . 2009-07-25 00:14 -------- d-----w- c:\programdata\Symantec
2009-11-21 03:03 . 2009-07-25 00:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-21 02:35 . 2009-07-24 03:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-21 02:32 . 2009-07-24 03:40 -------- d-----w- c:\programdata\Apple Computer
2009-11-21 02:19 . 2009-07-09 11:54 -------- d-----w- c:\programdata\Dell
2009-11-21 02:19 . 2009-07-09 11:26 -------- d-----w- c:\program files\Dell
2009-11-21 02:14 . 2009-07-09 11:31 -------- d-----w- c:\program files\ATI Technologies
2009-11-21 02:11 . 2009-07-09 11:41 75 --sh--r- c:\windows\CT4CET.bin
2009-11-21 02:11 . 2009-07-09 11:40 -------- d-----w- c:\program files\Dell Webcam
2009-11-21 02:09 . 2009-07-09 11:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 01:28 . 2009-08-20 22:29 -------- d-----w- c:\users\Theo\AppData\Roaming\Ulead Systems
2009-11-21 01:28 . 2009-09-02 00:36 -------- d-----w- c:\users\Theo\AppData\Roaming\Thunderbird
2009-11-21 01:28 . 2009-07-26 21:04 -------- d-----w- c:\users\Theo\AppData\Roaming\Stardock
2009-11-21 01:28 . 2009-09-12 21:46 -------- d-----w- c:\users\Theo\AppData\Roaming\Sony Creative Software
2009-11-21 01:28 . 2009-08-23 03:22 -------- d-----w- c:\users\Theo\AppData\Roaming\Sony
2009-11-21 01:28 . 2009-11-19 06:43 -------- d-----w- c:\users\Theo\AppData\Roaming\Screaming Bee
2009-11-21 01:28 . 2009-10-04 16:38 -------- d-----w- c:\users\Theo\AppData\Roaming\NetMedia Providers
2009-11-21 01:28 . 2009-09-24 23:18 -------- d-----w- c:\users\Theo\AppData\Roaming\proDAD
2009-11-21 01:28 . 2009-09-01 22:43 -------- d-----w- c:\users\Theo\AppData\Roaming\Oracle
2009-11-21 01:28 . 2009-08-23 03:28 -------- d-----w- c:\users\Theo\AppData\Roaming\Publish Providers
2009-11-21 01:28 . 2009-08-14 17:15 -------- d-----w- c:\users\Theo\AppData\Roaming\Reallusion
2009-11-21 01:28 . 2009-07-25 20:50 -------- d--h--r- c:\users\Theo\AppData\Roaming\SecuROM
2009-11-21 01:27 . 2009-08-25 20:32 -------- d-----w- c:\users\Theo\AppData\Roaming\Malwarebytes
2009-11-21 01:27 . 2009-07-28 21:38 -------- d-----w- c:\users\Theo\AppData\Roaming\HP
2009-11-21 01:27 . 2009-07-25 02:36 -------- d-----w- c:\users\Theo\AppData\Roaming\Creative
2009-11-21 01:27 . 2009-07-24 16:57 -------- d-----w- c:\users\Theo\AppData\Roaming\InstallShield
2009-11-21 01:27 . 2009-07-23 23:24 -------- d-----w- c:\users\Theo\AppData\Roaming\Dell
2009-11-21 01:27 . 2009-09-11 18:25 -------- d-----w- c:\users\Theo\AppData\Roaming\ArcSoft
2009-11-21 01:27 . 2009-07-24 03:43 -------- d-----w- c:\users\Theo\AppData\Roaming\Apple Computer
2009-11-21 01:27 . 2009-07-23 23:28 -------- d-----w- c:\users\Theo\AppData\Roaming\ATI
2009-11-21 01:13 . 2009-07-26 21:03 -------- dc-h--w- c:\programdata\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
2009-11-21 01:13 . 2009-09-19 03:02 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-21 01:13 . 2009-07-31 23:08 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-11-21 01:13 . 2009-07-31 21:22 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-11-21 01:13 . 2009-07-28 21:39 -------- d-----w- c:\programdata\WEBREG
2009-11-21 01:13 . 2009-07-26 21:04 -------- dc-h--w- c:\programdata\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
2009-11-21 01:13 . 2009-07-25 20:21 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-11-21 01:13 . 2009-07-24 03:55 -------- d--h--w- c:\programdata\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
2009-11-21 01:13 . 2009-07-24 03:42 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-11-21 01:13 . 2009-07-09 11:39 -------- d-----w- c:\programdata\Uninstall
2009-11-21 01:13 . 2009-08-20 22:26 -------- d-----w- c:\programdata\Ulead Systems
2009-11-21 01:04 . 2009-10-29 20:54 -------- d-----w- c:\program files\Valve
2009-11-21 01:04 . 2009-09-13 00:55 -------- d-----w- c:\program files\uTorrent
2009-11-21 01:04 . 2009-10-08 02:14 -------- d-----w- c:\program files\tamasoftware
2009-11-21 01:02 . 2009-07-24 02:24 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-21 01:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-11-21 01:02 . 2009-07-09 11:47 -------- d-----w- c:\program files\Microsoft
2009-11-21 01:02 . 2009-08-19 23:44 -------- d-----w- c:\program files\Lame for Audacity
2009-11-21 01:02 . 2009-07-28 21:27 -------- d-----w- c:\program files\HP
2009-11-21 01:01 . 2009-08-25 20:24 -------- d-----w- c:\program files\Google
2009-11-21 01:01 . 2009-07-25 15:48 -------- d-----w- c:\program files\gmax
2009-11-21 01:01 . 2009-08-10 23:55 -------- d-----w- c:\program files\GIMP-2.0
2009-11-21 01:00 . 2009-08-01 03:22 -------- d-----w- c:\program files\Free Mp3WmaOgg Converter
2009-11-21 01:00 . 2009-07-24 03:18 -------- d-----w- c:\program files\GameSpy
2009-11-21 01:00 . 2009-07-24 02:58 -------- d-----w- c:\program files\Electronic Arts
2009-11-21 00:59 . 2009-07-24 21:29 -------- d-----w- c:\program files\EA Games
2009-11-21 00:57 . 2009-07-28 21:31 -------- d-----w- c:\program files\Common Files\HP
2009-11-21 00:49 . 2009-11-21 00:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-20 22:56 . 2009-11-20 22:56 0 ----a-w- c:\windows\system32\drivers\bcmA7B9.tmp
2009-11-18 05:00 . 2009-11-18 05:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-16 22:36 . 2009-11-16 22:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 04:06 . 2009-07-28 21:25 166217 ----a-w- c:\windows\hpoins28.dat
2009-11-12 23:07 . 2009-11-12 23:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 21:59 . 2009-10-26 20:28 -------- d-----w- c:\programdata\ijjigame
2009-10-11 10:17 . 2009-07-09 11:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-30 1422632]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-25 2171904]

c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-7-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaTV Monitor.lnk]
backup=c:\windows\pss\MediaTV Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MediaTV Monitor.lnk

[HKLM\~\startupfolder\C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 22:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-25 04:06 1217808 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [8/25/2009 2:43 PM 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 5:52 PM 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [11/20/2009 6:50 PM 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [11/20/2009 10:24 PM 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/25/2009 3:15 PM 108289]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
R3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\System32\drivers\A193_ADS.sys [9/11/2009 12:21 PM 277888]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [7/9/2009 5:40 AM 135936]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7/13/2009 4:02 PM 229888]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\System32\drivers\OA008Ufd.sys [3/6/2009 6:30 AM 133632]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\System32\drivers\OA008Vid.sys [5/6/2009 4:03 PM 274048]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\System32\drivers\UsbFltr.sys [4/9/2007 9:50 AM 9600]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2009 2:24 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=2tgmaqphrommm|http://www.facebook.com/home.php
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Theo\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UVS10 Preload - c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
AddRemove-FMOD Designer - c:\program files\FMOD SoundSystem\FMOD Designer\uninstall.exe
AddRemove-Half-Life Uplink - c:\sierra\HALF-L~1\UNWISE.EXE
AddRemove-LADSPA_plugins-win_is1 - c:\program files\Audacity\Plug-Ins\unins000.exe
AddRemove-Steam - c:\progra~1\Valve\Steam\UNWISE.EXE
AddRemove-VST Bridge_is1 - c:\program files\Audacity\Plug-ins\VST Bridge\unins000.exe
AddRemove-Yahoo! BrowserPlus - c:\users\Theo\AppData\Local\Yahoo!\BrowserPlus\BrowserPlusUninstaller.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-20 18:32:28
ComboFix-quarantined-files.txt 2009-12-21 00:32

Pre-Run: 128,392,863,744 bytes free
Post-Run: 128,708,677,632 bytes free

- - End Of File - - B1F3DC95BA80D9A62A32D900E8E9120F



#21
December 20, 2009 at 17:52:23
Please download GooredFix and save it to your Desktop.

1. Double-click GooredFix.exe to run it.

2. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Then let me know if you are still being redirected.



#22
December 20, 2009 at 18:03:33
GooredFix by jpshortstuff (06.12.09.1)
Log created at 20:04 on 20/12/2009 (Theo)
Firefox version 3.5.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:31 23/07/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [17:33 10/12/2009]

C:\Users\Theo\Application Data\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\
anycolor.pavlos256@gmail.com [03:22 25/10/2009]
isreaditlater@ideashower.com [08:29 17/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [03:08 24/07/2009]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [23:10 17/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\" [01:36 04/11/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:38 11/04/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02:22 21/11/2009]

-=E.O.F=-


And it appears that the problem has been fixed


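The GooredFix listing in #22 is an inventory, not a verdict: the tool was written to look for the Firefox-extension form of the Google redirect ("Goored") infection, and a responder still has to decide which of the listed extensions are expected on this machine and which appeared around the time the redirects started. The script below is an added example, not part of the thread and not GooredFix's own code. It parses the three kinds of lines that log contains (an extensions directory, an "ID [hh:mm dd/mm/yyyy]" entry, and a registry value from HKLM\Software\Mozilla\Firefox\Extensions) and flags every extension that is either not on a per-machine allowlist or was modified on or after the day the redirects began. The allowlist (default theme, Java console, .NET Framework Assistant, Google Gears, HP Smart Web Printing) and the cut-off date (8 December 2009, from "over the last two days" in the opening post of 10 December) are assumptions for the demo.

```python
# Added example (not from the thread or from GooredFix): parse the extension
# listing GooredFix prints and flag what a responder would look at first.
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed input: the extension section of the GooredFix log posted in #22.
SAMPLE_LOG = r"""
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:31 23/07/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [17:33 10/12/2009]

C:\Users\Theo\Application Data\Mozilla\Firefox\Profiles\yzd9951e.default\extensions\
anycolor.pavlos256@gmail.com [03:22 25/10/2009]
isreaditlater@ideashower.com [08:29 17/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [03:08 24/07/2009]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [23:10 17/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\" [01:36 04/11/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:38 11/04/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02:22 21/11/2009]
"""

# Assumed allowlist for this machine: Firefox's default theme, the Java console,
# the .NET Framework Assistant, Google Gears and HP Smart Web Printing, i.e. the
# IDs the thread itself ties to installed software. Anything else gets a look.
KNOWN_GOOD = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",
    "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}",
    "{20a82645-c095-46ed-80e3-08825760534b}",
    "{000a9d1c-beef-4f90-9363-039d445309b8}",
    "smartwebprinting@hp.com",
}
# Assumed incident start: the poster saw redirects "over the last two days"
# before 10 Dec 2009, so anything touched from 8 Dec on is interesting.
SEEN_SINCE = datetime(2009, 12, 8)

DIR_RE = re.compile(r"^[A-Za-z]:\\.*\\$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^(\S+) \[(\d\d:\d\d \d\d/\d\d/\d{4})\]$")
REG_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d\d:\d\d \d\d/\d\d/\d{4})\]$')


@dataclass(frozen=True)
class Extension:
    ext_id: str
    location: str      # extensions directory or registry key it was listed under
    path: str          # where the extension's files live
    modified: datetime


def _ts(s):
    return datetime.strptime(s, "%H:%M %d/%m/%Y")


def parse_goored_log(text):
    """Turn the directory/entry/registry lines of a GooredFix log into Extension records."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIR_RE.match(line):
            location = line                      # directory header: remember it for the entries below
        elif m := KEY_RE.match(line):
            location = m.group(1)                # registry key header
        elif m := REG_RE.match(line):
            entries.append(Extension(m.group(1), location, m.group(2), _ts(m.group(3))))
        elif m := ENTRY_RE.match(line):
            entries.append(Extension(m.group(1), location, location + m.group(1), _ts(m.group(2))))
    return entries


def triage(entries, known_good=KNOWN_GOOD, seen_since=SEEN_SINCE):
    """Return (entry, reasons) for every extension worth a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e.ext_id not in known_good:
            reasons.append("not on allowlist")
        if e.modified >= seen_since:
            reasons.append("modified on/after " + seen_since.date().isoformat())
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for e, reasons in triage(parse_goored_log(SAMPLE_LOG)):
        print(f"{e.ext_id:42} {e.modified:%Y-%m-%d %H:%M}  {'; '.join(reasons)}\n    {e.path}")
```

Run against the posted log this flags four of the nine entries: the Java console (known, but updated on 10 December), the two profile extensions that are not on the allowlist, and the {E2883E8F-...} extension that is both unknown and dated 17 December. The point of the two-reason split is that "unknown" alone is weak evidence on a hobbyist machine, while "unknown and installed the week the redirects started" is where to open the extension's install.rdf and plugins directory first.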

#23
December 20, 2009 at 18:08:02
A little clean-up to do.

Delete RSIT, Gmer.exe, TDSSKiller, and GooredFix from your desktop

Go to start > run > type in ComboFix /Uninstall (note the space after ComboFix) then press enter > run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it rewrites malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.



#24
January 3, 2010 at 11:19:39
This thing just won't go away...
I ran GMER and this time I did not get a BSOD.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 13:16:02
Windows 6.1.7600
Running: rrt1w5pr.exe; Driver: C:\Users\Theo\AppData\Local\Temp\pxldipog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x9055388E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x905530EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x90552DCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x90554938]
SSDT 97A85C8C ZwCreateThread
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x90552ED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x90552FC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x90553BBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x905533F4]
SSDT 97A85C78 ZwOpenProcess
SSDT 97A85C7D ZwOpenThread
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x90553526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x90552BFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x90553B04]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x9055370C]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E34AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E34104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E34958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E34F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E94579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82EC07B8 4 Bytes [8E, 38, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82EC07F8 4 Bytes [EC, 30, 55, 90] {IN AL, DX ; XOR [EBP-0x70], DL}
.text ntkrnlpa.exe!RtlSidHashLookup + 308 82EC0808 4 Bytes [CE, 2D, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82EC0840 4 Bytes [38, 49, 55, 90] {CMP [ECX+0x55], CL; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EC084C 4 Bytes [8C, 5C, A8, 97] {MOV WORD [EAX+EBP*4-0x69], DS}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C20000, 0x2D4FC0, 0xE8000020]
.text peauth.sys 9AEABC9D 28 Bytes [5E, B7, 43, 98, 70, E2, 61, ...]
.text peauth.sys 9AEABCC1 28 Bytes [5E, B7, 43, 98, 70, E2, 61, ...]
PAGE peauth.sys 9AEB1B9B 72 Bytes [27, DD, 0D, 40, DC, 7B, AE, ...]
PAGE peauth.sys 9AEB1BEC 111 Bytes [10, 57, 0A, 4D, 9B, 11, 27, ...]
PAGE peauth.sys 9AEB1E20 101 Bytes [66, D4, 3B, 55, 0A, F3, CF, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C75D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C75D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C75D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C75D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7480250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74802494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747E5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747E56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747F8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747F4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747F50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747F51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747F66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747F82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747F8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747F907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747FE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747F4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.jar@ jarfile
Reg HKLM\SOFTWARE\Classes\.jnlp@ JNLPFile
Reg HKLM\SOFTWARE\Classes\.jnlp@Content Type application/x-java-jnlp-file
Reg HKLM\SOFTWARE\Classes\jarfile@ Executable Jar File
Reg HKLM\SOFTWARE\Classes\jarfile\shell
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open\command@ "C:\Program Files\Java\jre6\bin\javaw.exe" -jar "%1" %*
Reg HKLM\SOFTWARE\Classes\JavaPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin\CLSID@ {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_17\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_17\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.FamilyVersionSupport\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.FamilyVersionSupport\CLSID@ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled@ isInstalled Class
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CLSID
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer@ JavaWebStart.isInstalled.1.6.0.0
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0@ isInstalled Class
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0\CLSID
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JNLPFile@ JNLP File
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open@ &Launch
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command@ "C:\Program Files\Java\jre6\bin\javaws.exe" "%1"

---- EOF - GMER 1.0.15 ----


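Reading the GMER log in #24: the SSDT block lists fifteen hooked system services, twelve attributed to \??\C:\Windows\system32\drivers\sp_rsdrv2.sys and three (ZwCreateThread, ZwOpenProcess, ZwOpenThread) reported only as a bare handler address, and the "Kernel code sections" block reports several 4-byte modifications inside ntkrnlpa.exe relative to RtlSidHashLookup. Those two groups are one finding seen twice: each of the 4-byte values, read as a little-endian dword, is exactly one of the hook addresses from the SSDT block (for example [8E, 38, 55, 90] is 0x9055388E, the ZwClose handler), so GMER is showing the overwritten service-table slots, named after the nearest exported symbol because the table itself is not exported, rather than additional patched kernel code. The script below is an added example, not from the thread and not GMER's own code; it parses both blocks, groups hooks by owning driver, performs that correlation, and leaves as open items any hook whose handler GMER could not attribute to a loaded module. It assumes sp_rsdrv2.sys is the real-time shield driver of a security product installed on this machine (the file name is consistent with Spyware Terminator, but that is an assumption a responder would confirm against the product's install directory and GMER's Modules view, not a fact the thread establishes); the three unattributed hooks stay on the list either way.

```python
# Added example (not from the thread or from GMER): parse GMER's SSDT and
# kernel-code-section lines, group hooks by owning driver, and show that the
# 4-byte ntkrnlpa.exe "patches" are the hooked SSDT slots seen a second time.
import re
from collections import defaultdict, namedtuple

# Constructed input: the SSDT block and the ntkrnlpa.exe lines from the GMER
# log posted in #24 (GMER's trailing disassembly annotations left off).
SAMPLE_GMER = r"""
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x9055388E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x905530EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x90552DCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x90554938]
SSDT 97A85C8C ZwCreateThread
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x90552ED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x90552FC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x90553BBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x905533F4]
SSDT 97A85C78 ZwOpenProcess
SSDT 97A85C7D ZwOpenThread
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x90553526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x90552BFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x90553B04]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x9055370C]
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E94579 1 Byte [06]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82EC07B8 4 Bytes [8E, 38, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82EC07F8 4 Bytes [EC, 30, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 82EC0808 4 Bytes [CE, 2D, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82EC0840 4 Bytes [38, 49, 55, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EC084C 4 Bytes [8C, 5C, A8, 97]
"""

Hook = namedtuple("Hook", "func addr module")    # module is None when GMER printed only an address
Patch = namedtuple("Patch", "symbol addr data")  # symbol is the nearest export GMER could name

SSDT_MOD_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
SSDT_ANON_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
PATCH_RE = re.compile(r"^\.text\s+(\S+)\s+\+\s+[0-9A-Fa-f]+\s+([0-9A-Fa-f]{8})\s+\d+ Bytes? \[([^\]]+)\]")


def parse_gmer(text):
    """Collect SSDT hooks and kernel-code modifications from GMER's text output."""
    hooks, patches = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_MOD_RE.match(line):
            hooks.append(Hook(m.group(2), int(m.group(3), 16), m.group(1)))
        elif m := SSDT_ANON_RE.match(line):
            hooks.append(Hook(m.group(2), int(m.group(1), 16), None))
        elif m := PATCH_RE.match(line):
            raw = [b.strip() for b in m.group(3).split(",")]
            if all(re.fullmatch(r"[0-9A-Fa-f]{2}", b) for b in raw):  # skip dumps truncated with "..."
                patches.append(Patch(m.group(1), int(m.group(2), 16), bytes(int(b, 16) for b in raw)))
    return hooks, patches


def hooks_by_owner(hooks):
    """Group hooked services by the driver file GMER attributed them to."""
    owners = defaultdict(list)
    for h in hooks:
        owners[h.module.rsplit("\\", 1)[-1] if h.module else "<unattributed>"].append(h.func)
    return dict(owners)


def correlate_patches(hooks, patches):
    """Map each 4-byte modification whose little-endian value equals a hook
    handler address to that hooked service. A match means the 'patched' bytes
    are a service-table entry, not patched code."""
    by_addr = {h.addr: h.func for h in hooks}
    return {p.addr: by_addr[int.from_bytes(p.data, "little")]
            for p in patches
            if len(p.data) == 4 and int.from_bytes(p.data, "little") in by_addr}


# Assumption for this machine: sp_rsdrv2.sys is an installed security product's
# real-time shield driver. Verify against its install directory before trusting it.
EXPECTED_DRIVERS = {"sp_rsdrv2.sys"}


def triage(hooks, expected_drivers=EXPECTED_DRIVERS):
    """Hooks that still need an explanation: unattributed handlers, and hooks
    owned by any driver not on the expected list."""
    findings = []
    for h in hooks:
        owner = h.module.rsplit("\\", 1)[-1].lower() if h.module else None
        if owner is None:
            findings.append((h.func, "handler 0x%08X not attributed to a loaded module" % h.addr))
        elif owner not in expected_drivers:
            findings.append((h.func, "hooked by unexpected driver " + h.module))
    return findings


if __name__ == "__main__":
    hooks, patches = parse_gmer(SAMPLE_GMER)
    for owner, funcs in hooks_by_owner(hooks).items():
        print(f"{owner}: {len(funcs)} hooks ({', '.join(funcs)})")
    for addr, func in sorted(correlate_patches(hooks, patches).items()):
        print(f"  .text hit at {addr:08X} is the SSDT slot for {func}")
    for func, why in triage(hooks):
        print(f"  OPEN: {func}: {why}")
```

On the posted log all five 4-byte hits resolve to SSDT slots (ZwClose, ZwCreateFile, ZwCreateKey, ZwCreateSection, ZwCreateThread, in service-number order), the 1-byte ZwSaveKeyEx hit does not and stays a separate question, and the three bare-address hooks are the items to resolve next, by checking which loaded module's address range contains 0x97A85C78..0x97A85C8C.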
