Please help me.. I'm getting crazy..

The log above mentions Uniblue software and TuneUp Utilities. Be aware that these are a very large cause of errors and usually cause problematic situations; most of these end up messing up the system. These programs are actually useless in Windows 7.

Fix any errors caused by this software by running SFC:
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Your last resort is a repair install: http://www.sevenforums.com/tutorials/3413-repair-install.html

Sorry, but I'm using a notebook so I have no CD/DVD-ROM.. not even an external one, so any other suggestion.. :(
 

Did you run SFC? Remove all these 'system tuners' (TuneUp, Uniblue, WinOptimizer, etc.) as they seem to have messed up the whole system.
 

Registry Cleaners

I notice the presence of several registry cleaners on your PC.

Advanced SystemCare 3
MAGIX PC Check & Tuning
PC Booster Version 7
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC


I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools
Regcleaner

I strongly recommend uninstalling all the above mentioned programs!

======================

Did you install a program named System Control Manager?

http://www.ikriv.com/en/prog/tools/ServiceControl/index.html
http://download.cnet.com/System-Control-Manager/3000-18512_4-10966315.html

======================

Download CKScanner from here
Important - Save it to your desktop.
Right click CKScanner.exe, select Run as administrator, then click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

======================

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
======================

Please post the following in your next reply:

  1. The answer to my question about the program System Control Manager
  2. CKFiles.txt
  3. OTL.txt
  4. Extras.txt


Note: The logs you will be posting may be rather long. Please post them in individual replies to ensure that the logs do not get cut off.

When posting, please do not use the Quote or Multi icons. Please use the Post Reply.

Thank you
 

Follow Carolyn's instructions. :geek:

Do you recognize this proxy server? ProxyServer = http=93.86.162.100:8080;
Serbia Telekom Srbija Adsl Users

Edit (if you don't know this proxy server) >>> Disable the proxy settings in Internet Explorer:
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
Reboot
Make sure "Proxy server" is still disabled under your LAN Settings.
 
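
The same check read from an OTL log instead of the IE dialog, as an added example that is not part of any post in this thread and not OTL's own code: it pairs each registry hive's `ProxyEnable` and `ProxyServer` values and lists every configured proxy endpoint, marking a `ProxyServer` left behind with `ProxyEnable` = 0 as dormant. The first three sample lines are copied from the log posted in this thread; the last two lines and all function names are constructed for illustration, and the parser assumes the `IE - <hive>\...\Internet Settings: "<name>" = <value>` line format seen in that log.

```python
import ipaddress
import re
from collections import defaultdict

# Lines 1-3 are copied from the OTL log posted in this thread; lines 4-5 are
# constructed to show an enabled, loopback-only proxy for comparison.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=93.86.162.100:8080;ftp=93.86.162.100:8080;https=93.86.162.100:8080;
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8888
'''

# Matches only the "Internet Settings" value lines of the log's IE section.
LINE_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a ProxyServer value into {protocol: (host, port)}.

    The value is either one "host:port" for every protocol (key "all") or a
    ";"-separated list of "protocol=host:port" entries.
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, addr = part.partition("=")
        if not sep:  # bare "host:port" applies to all protocols
            proto, addr = "all", part
        host, _, port = addr.rpartition(":")
        if not host:  # no port given
            host, port = addr, ""
        endpoints[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def address_scope(host):
    """Classify the proxy host so local helpers stand apart from remote hosts."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def review_proxy_settings(log_text):
    """Return one finding per proxy endpoint configured in any hive."""
    settings = defaultdict(dict)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            settings[match["hive"]][match["name"].lower()] = match["value"].strip()

    findings = []
    for hive, values in settings.items():
        server = values.get("proxyserver", "")
        if not server:
            continue  # nothing configured for this hive
        enabled = values.get("proxyenable") == "1"
        for proto, (host, port) in parse_proxy_server(server).items():
            findings.append({
                "hive": hive,
                "protocol": proto,
                "host": host,
                "port": port,
                # "dormant": value still present although ProxyEnable is 0
                "state": "active" if enabled else "dormant",
                "scope": address_scope(host),
            })
    return findings


if __name__ == "__main__":
    for f in review_proxy_settings(SAMPLE_LOG):
        print("{state:8} {scope:9} {protocol:6} {host}:{port}  ({hive})".format(**f))
```
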

Thanks jece, but now my IE is still down for a reason I don't know.. so now I'm using Firefox 3+..
 

Yes, I have that System Control Manager.. and it's always running..
Code:
===========
ckfiles.txt
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\carboncs v1.1\cstrike\gfx\detail\cracked cement.tga
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\superantispyware\keygen.exe
c:\windows\prefetch\crack.exe-0dad9529.pf
scanner sequence 3.BB.11
----- EOF ----- 
 
===========
otl.txt
 
OTL logfile created on: 13/3/2011 11:10:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\avflink\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
1,013.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.37 Gb Total Space | 29.13 Gb Free Space | 34.94% Space Free | Partition Type: NTFS
Drive D: | 55.58 Gb Total Space | 33.04 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 1.15 Gb Free Space | 30.95% Space Free | Partition Type: FAT32
 
Computer Name: SOULZZX | User Name: avflink | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/13 08:27:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\avflink\Desktop\OTL.exe
PRC - [2011/03/10 13:57:06 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/13 13:38:42 | 000,064,000 | ---- | M] (Megamedia Ltd.) -- C:\Users\avflink\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/14 10:05:43 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2010/12/05 19:15:00 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSIB717.tmp
PRC - [2010/10/12 22:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
PRC - [2010/10/01 09:50:23 | 000,296,448 | ---- | M] (Microsoft) -- C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/10/31 13:45:39 | 002,131,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/22 01:30:58 | 002,068,480 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/10 07:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/13 08:27:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\avflink\Desktop\OTL.exe
MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/02/10 22:51:33 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/14 10:05:43 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/12/05 19:15:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\windows\Installer\MSIB717.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/11/18 13:28:24 | 000,196,096 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe -- (MAGIX StartUp Analyze Service)
SRV - [2010/11/01 19:02:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/27 18:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 18:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/13 16:26:14 | 000,012,592 | ---- | M] (SRS Labs, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2010/04/29 04:30:00 | 003,555,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/31 13:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 07:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/01/25 18:40:06 | 000,085,768 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/10 14:24:32 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/13 20:30:00 | 002,109,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/07/02 11:08:32 | 000,384,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_HDAL_i386.sys -- (SRS_HDAL_Service)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/05/10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010/04/12 16:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010/01/27 10:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/29 03:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/08/06 06:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/06 04:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/29 12:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/25 03:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 06:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/01 11:03:10 | 000,372,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/06/24 10:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/06/20 01:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009/06/20 01:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/20 01:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/18 03:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/18 17:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
DRV - [2008/04/04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\windows\System32\drivers\disksec.sys -- (DiskSec)
DRV - [2007/01/29 22:40:22 | 000,449,408 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2003/09/17 09:06:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
 
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://malaysia.msn.com/
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=93.86.162.100:8080;ftp=93.86.162.100:8080;https=93.86.162.100:8080;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddr"
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm607YYMY&ptb=ZvGNrw9LM9AAXAKljZDzog&ind=2011012801&ptnrS=ZKxdm607YYMY&si=19870&n=77dd9ec1&psa=&st=kwd&searchfor="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/01 13:14:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/01 13:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/01 13:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla\components [2011/03/08 10:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2011/03/08 10:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/02/04 16:57:48 | 000,000,000 | ---D | M]
 
[2010/11/28 11:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Extensions
[2011/01/30 13:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\1x2a7f13.Firefox4\extensions
[2010/11/28 12:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\1x2a7f13.Firefox4\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2011/01/30 13:55:53 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\1x2a7f13.Firefox4\extensions\[email protected]
[2011/03/13 15:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions
[2011/02/07 16:27:16 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2010/12/22 16:29:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/12 19:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011/01/30 14:19:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions\[email protected]
[2011/03/08 23:38:14 | 000,000,000 | ---D | M] (XJZ Survey Remover) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\2czp8mth.Firefox3\extensions\[email protected]
[2011/02/26 11:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\f1brrzjl.default\extensions
[2011/02/26 11:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\f1brrzjl.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010/12/08 17:32:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\f1brrzjl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/01/28 12:18:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\avflink\AppData\Roaming\mozilla\Firefox\Profiles\f1brrzjl.default\extensions\[email protected]
[2011/02/04 16:04:09 | 000,009,966 | ---- | M] () -- C:\Users\avflink\AppData\Roaming\Mozilla\Firefox\Profiles\f1brrzjl.default\searchplugins\mywebsearch.xml
File not found (No name found) -- 
[2011/03/01 13:14:37 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/03/01 13:14:38 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/03/01 13:14:40 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
File not found (No name found) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
[2011/01/30 14:05:39 | 000,000,000 | ---D | M] (MegaKey) -- C:\USERS\AVFLINK\APPDATA\LOCAL\MEGAMEDIA\MEGAKEY\{1D3DB383-DB45-45B2-9F46-91218CA2CBCB}
[2011/02/23 18:00:15 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\AVFLINK\APPDATA\ROAMING\IDM\IDMMZCC3
() (No name found) -- C:\USERS\AVFLINK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F1BRRZJL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AVFLINK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F1BRRZJL.DEFAULT\EXTENSIONS\[email protected]
[2010/12/13 20:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
 
O1 HOSTS File: ([2011/03/13 14:15:29 | 000,000,046 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.example.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (IE 4.x-6.x BHO for Internet Download Accelerator) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\Program Files\IDA\idaiehlp.dll (WestByte)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\avflink\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000..\Run: [MegakeyUpdater] C:\Users\avflink\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.)
O4 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS HD Audio Lab\HDAL.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Capture Web Page - C:\Users\avflink\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download remotely with IDA - C:\Program Files\IDA\remdown.htm ()
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\avflink\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O9 - Extra Button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (WestByte)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\wbsys.dll) - C:\Windows\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll (Stardock)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O24 - Desktop WallPaper: C:\Users\avflink\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/13 14:15:27 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Avira
[2011/03/13 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/03/13 14:10:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2011/03/13 14:10:27 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/03/13 14:10:27 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/03/13 14:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/03/13 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/13 14:00:48 | 000,000,000 | ---D | C] -- C:\Users\avflink\Desktop\ESET.NOD32.Av.BE.4.2.71.3.x86
[2011/03/13 08:27:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\avflink\Desktop\OTL.exe
[2011/03/12 18:40:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/12 18:40:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/03/12 11:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/12 11:31:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/12 11:30:56 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/03/12 11:04:44 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/03/12 10:58:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/03/12 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\temp
[2011/03/12 08:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/03/11 19:52:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/03/11 19:52:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/03/11 19:52:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/03/11 19:52:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/03/11 19:52:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/11 10:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/11 00:17:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/03/11 00:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/11 00:17:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/03/11 00:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/03/10 13:52:57 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/10 13:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/10 13:52:49 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/10 13:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/10 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\avflink\Desktop\SUPERAntiSpyware Professional (MrXidus)
[2011/03/07 15:50:06 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\stub
[2011/03/06 00:41:09 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\ODUI
[2011/03/06 00:38:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
[2011/03/06 00:13:51 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Stardock
[2011/03/05 15:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/05 02:00:38 | 000,000,000 | ---D | C] -- C:\Users\avflink\Documents\IDM
[2011/03/04 21:01:26 | 002,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer_backup.exe
[2011/03/04 21:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Start Orb Manager
[2011/03/04 19:57:42 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nCube
[2011/03/04 19:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\nCube
[2011/03/04 15:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/03/02 13:16:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/03/02 13:16:08 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/03/02 13:15:43 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/03/02 13:15:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/03/02 13:15:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/03/02 13:15:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/03/02 13:15:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/03/02 13:15:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/03/02 13:15:40 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/03/02 13:15:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/03/02 13:15:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/03/01 23:24:05 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\Winamp Toolbar
[2011/02/28 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\SRS Labs
[2011/02/28 15:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SRS Labs
[2011/02/27 11:35:39 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Activision
[2011/02/27 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Activision
[2011/02/26 09:01:45 | 000,000,000 | ---D | C] -- C:\Users\avflink\New folder
[2011/02/23 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\avflink\Documents\aIDM
[2011/02/23 18:54:12 | 000,000,000 | ---D | C] -- C:\Users\avflink\Documents\file n folder desktop
[2011/02/23 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\IDM
[2011/02/23 17:59:33 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/02/23 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/02/23 17:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/02/23 16:58:08 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/02/23 16:58:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/02/22 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011/02/22 02:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlienGUIse
[2011/02/22 00:19:44 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\windows\System32\wbsys.dll
[2011/02/21 20:53:15 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sndrec32.exe
[2011/02/18 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/02/18 17:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2011/02/17 08:50:26 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Local\Dexter the Game
[2011/02/17 08:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icarus Studios, Inc
[2011/02/17 08:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Icarus Studios, Inc
[2011/02/14 17:59:49 | 000,000,000 | ---D | C] -- C:\Users\avflink\AppData\Roaming\Lonely Troops
[2011/02/14 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Funny Bear Studio
[2011/02/14 17:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy2
[2011/02/14 17:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
[2011/02/14 17:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\MyPlayCity.com
[2011/02/12 15:15:17 | 000,000,000 | ---D | C] -- C:\Users\avflink\Documents\Wondershare DVD Slideshow Builder
[2011/02/12 15:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2011/02/12 15:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/02/12 15:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/02/12 08:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/02/12 08:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/02/11 23:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory Washer
[2011/02/11 23:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Memory Washer
[2008/06/16 16:06:12 | 000,548,919 | ---- | C] ( ) -- C:\windows\System32\colorcvt.dll
[2008/06/16 16:06:12 | 000,065,602 | ---- | C] ( ) -- C:\windows\System32\cook.dll
[2008/03/30 07:42:46 | 000,557,056 | ---- | C] ( ) -- C:\windows\System32\raac.dll
[2008/03/30 07:42:46 | 000,286,720 | ---- | C] ( ) -- C:\windows\System32\drvc.dll
[2008/03/30 07:42:46 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\drv2.dll
[2008/03/30 07:42:46 | 000,139,264 | ---- | C] ( ) -- C:\windows\System32\sipr.dll
[2008/03/30 07:42:46 | 000,090,112 | ---- | C] ( ) -- C:\windows\System32\atrc.dll
[2008/03/30 07:42:46 | 000,057,344 | ---- | C] ( ) -- C:\windows\System32\rv20.dll
[2008/03/30 07:42:46 | 000,053,248 | ---- | C] ( ) -- C:\windows\System32\rv30.dll
[2008/03/30 07:42:46 | 000,049,152 | ---- | C] ( ) -- C:\windows\System32\rv40.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/13 23:05:01 | 000,025,312 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 23:05:01 | 000,025,312 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 22:59:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/13 22:59:35 | 796,897,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 14:15:29 | 000,000,046 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/03/13 14:10:47 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/03/13 14:01:16 | 000,651,648 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/13 14:01:16 | 000,120,580 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/13 08:27:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\avflink\Desktop\OTL.exe
[2011/03/13 08:26:59 | 000,453,632 | ---- | M] () -- C:\Users\avflink\Desktop\CKScanner.exe
[2011/03/12 18:16:05 | 004,286,091 | ---- | M] () -- C:\Users\avflink\Desktop\ComboFix_2.exe
[2011/03/12 17:28:11 | 000,002,115 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/03/10 13:52:49 | 000,001,952 | ---- | M] () -- C:\Users\avflink\Desktop\SUPERAntiSpyware Professional.lnk
[2011/03/09 22:04:21 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011/03/09 16:00:26 | 000,000,374 | ---- | M] () -- C:\windows\tasks\AWC Startup.job
[2011/03/09 11:10:58 | 000,000,380 | ---- | M] () -- C:\windows\tasks\AWC AutoSweep.job
[2011/03/06 00:40:36 | 000,002,032 | ---- | M] () -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2011/03/05 15:57:16 | 001,047,558 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/02 08:50:06 | 000,002,829 | ---- | M] () -- C:\Users\Public\Desktop\Youtube Movie Maker.lnk
[2011/03/01 22:58:58 | 000,001,382 | ---- | M] () -- C:\Users\avflink\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/26 23:11:26 | 000,175,104 | ---- | M] () -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
[2011/02/23 17:55:00 | 000,506,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/23 01:04:03 | 000,000,638 | ---- | M] () -- C:\windows\win.old
[2011/02/21 20:51:52 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\sndrec32.exe
[2011/02/18 18:00:19 | 000,000,224 | ---- | M] () -- C:\windows\System32\9B13A86D.plf
[2011/02/12 13:53:56 | 000,000,019 | ---- | M] () -- C:\Users\avflink\Desktop\ram.vbe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/03/13 14:15:29 | 000,175,104 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
[2011/03/13 14:10:47 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/03/13 08:27:00 | 000,453,632 | ---- | C] () -- C:\Users\avflink\Desktop\CKScanner.exe
[2011/03/12 18:12:49 | 004,286,091 | ---- | C] () -- C:\Users\avflink\Desktop\ComboFix_2.exe
[2011/03/12 11:32:08 | 000,002,115 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/03/11 19:52:52 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/03/11 19:52:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/03/11 19:52:52 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/03/11 19:52:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/03/11 19:52:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/03/10 13:52:49 | 000,001,952 | ---- | C] () -- C:\Users\avflink\Desktop\SUPERAntiSpyware Professional.lnk
[2011/03/09 22:04:21 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011/03/06 00:40:36 | 000,002,032 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2011/03/05 15:56:00 | 001,047,558 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/02 08:50:06 | 000,002,829 | ---- | C] () -- C:\Users\Public\Desktop\Youtube Movie Maker.lnk
[2011/02/22 00:19:47 | 000,057,904 | ---- | C] () -- C:\windows\System32\wbload.dll
[2011/02/18 18:00:19 | 000,000,224 | ---- | C] () -- C:\windows\System32\9B13A86D.plf
[2011/02/17 15:01:20 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
[2011/02/12 13:53:56 | 000,000,019 | ---- | C] () -- C:\Users\avflink\Desktop\ram.vbe
[2011/02/01 11:34:48 | 002,050,952 | ---- | C] () -- C:\windows\System32\igkrng400.bin
[2010/12/17 15:26:10 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/12/05 15:23:06 | 000,384,752 | ---- | C] () -- C:\windows\System32\drivers\SRS_HDAL_i386.sys
[2010/11/27 19:49:47 | 000,006,374 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\PStrip.bak
[2010/11/27 19:45:58 | 000,006,713 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\PStrip.ini
[2010/11/27 18:55:53 | 000,000,064 | ---- | C] () -- C:\windows\wininit.ini
[2010/11/12 18:14:36 | 000,081,920 | ---- | C] () -- C:\windows\System32\GkSui20.EXE
[2010/11/07 19:39:06 | 000,008,192 | ---- | C] () -- C:\Users\avflink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 15:12:22 | 000,012,446 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\UserTile.png
[2010/09/22 19:32:50 | 000,000,084 | ---- | C] () -- C:\windows\netdet.ini
[2010/09/13 23:08:43 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2010/08/05 19:24:57 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys
[2010/08/05 19:24:57 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin
[2010/07/08 12:04:10 | 000,000,036 | ---- | C] () -- C:\Users\avflink\AppData\Local\housecall.guid.cache
[2010/07/02 11:36:30 | 000,855,641 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\PandaIDProtectHelp.chm
[2010/07/02 10:58:38 | 000,000,264 | ---- | C] () -- C:\windows\System32\PSUNCpl.dat
[2010/06/09 03:55:56 | 000,007,650 | ---- | C] () -- C:\Users\avflink\AppData\Local\resmon.resmoncfg
[2010/05/26 12:32:26 | 000,000,000 | ---- | C] () -- C:\Users\avflink\AppData\Roaming\wklnhst.dat
[2010/01/27 10:09:02 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2009/12/15 14:41:30 | 000,268,912 | ---- | C] () -- C:\windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/08/04 06:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/04 06:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:33:53 | 000,506,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,651,648 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,120,580 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 01:07:46 | 000,025,448 | ---- | C] () -- C:\windows\System32\drivers\uxpatch.sys
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/04/23 08:42:12 | 000,376,832 | ---- | C] () -- C:\windows\System32\QFaceFilter.dll
[2008/03/21 06:56:56 | 000,069,632 | ---- | C] () -- C:\windows\System32\QFaceSound.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF0DB8AB
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
 
< End of report >
 
==================
 
extras.txt
 
OTL Extras logfile created on: 13/3/2011 11:10:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\avflink\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
1,013.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.37 Gb Total Space | 29.13 Gb Free Space | 34.94% Space Free | Partition Type: NTFS
Drive D: | 55.58 Gb Total Space | 33.04 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 1.15 Gb Free Space | 30.95% Space Free | Partition Type: FAT32
 
Computer Name: SOULZZX | User Name: avflink | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- Reg Error: Value error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13550D11-1C3B-4585-A27B-9880BB1DA05D}" = Hyperdesk - DarkMatter Gamma Ray
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{218E7693-3899-4C57-8831-8E57DDD8AE93}" = MAGIX Screenshare
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{325CEECA-0C31-4BB3-B1A9-8032611FB991}" = MAGIX 3D Maker (embedded MSI)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35136603-8297-4A0B-AF84-DA5DE9F8D9BA}_is1" = Microsoft Installer
"{380EFE58-0FC6-46B8-B757-E5D619E5728C}" = Fitness Frenzy
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{465692CB-7EF5-40A7-B07F-DC4DAB7416FC}" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B955039-FDD1-497C-8522-5AD592F16131}" = MAGIX Xtreme Photo Designer 6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62B9E29A-BC60-4829-8724-100ACFF7E63D}" = IObit Toolbar v4.3
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7A0FBAED-EEDF-4EA5-A2A7-38027D804319}" = DMshell
"{801B0DDA-94C2-4C5A-87BA-F2BED2D5AE77}" = MAGIX PC Check & Tuning 2011 Download Version
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{889D7767-A186-4ED4-A7D9-FC6ECDG2A82C}_is1" = PC Booster Version 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929709C5-C179-4DC9-8FD7-757FC955EC2E}" = MAGIX Speed 2 (MSI)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931099E3-8F73-4028-A780-02C738176152}" = VideoCharge Studio
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2EEBE5E-8F6A-45C3-8554-8BAB4444F463}_is1" = Quick Hide IP version 1.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF80E056-3F24-4C02-8F1B-C247E42A59BF}" = SRS HD Audio Lab
"{E084C471-FA8F-4468-93F1-25B3A13ED942}" = YoutubeMovieMaker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30037F1-29B8-4A98-B673-C47C27641793}" = MSI Q-Face
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Audio Editor Master_is1" = Audio Editor Master v5.4.1.226
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bus Driver" = Bus Driver 1.0
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"ClassicPro" = ClassicPro© v1.15
"conduitEngine" = Conduit Engine
"Counter-Strike Xtreme V5" = Counter-Strike Xtreme V5
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"DivX Setup.divx.com" = DivX Setup
"DMshell" = DMshell
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DreamMaker" = DreamMaker
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Freemake Video Converter_is1" = Freemake Video Converter version 1.1.11
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Internet Download Accelerator_is1" = Internet Download Accelerator version 5.8
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"Magic Farm_is1" = Magic Farm
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version
"MAGIX_MSI_PC_Check_Tuning_2011" = MAGIX PC Check & Tuning 2011 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Memory Washer_is1" = Memory Washer 7.1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mirro Player 1.0" = Mirro Player 1.0
"Mod Call of Duty V4 - Modern Warfare 2" = Mod Call of Duty V4 - Modern Warfare 2
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Firefox 4.0b10 (x86 en-US)" = Mozilla Firefox 4.0b10 (x86 en-US)
"ObjectDock Plus 2" = ObjectDock Plus 2
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Patch de Players Alternativos - Spetnaz - Russia" = Patch de Players Alternativos - Spetnaz - Russia
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"ProShow Gold" = ProShow Gold
"Speccy" = Speccy
"Tony Hawk's Pro Skater 3_is1" = Tony Hawk's Pro Skater 3 v1.01
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.6
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wondershare DVD Slideshow Builder_is1" = Wondershare DVD Slideshow Builder(Build 6.0.2.27)
"World Riddles - Seven Wonders_is1" = World Riddles - Seven Wonders
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Megakey" = Megakey
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 

My Computer

OS
Windows 7 Ultimate x32
If you can't just do a reinstall, how about a system restore to a point before this started? Otherwise I would listen to the other posters here (especially yowanvista - he's helped me out immensely)
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
MSI GE72VR Apache Pro-416
OS
Windows 10x64 Build 1709
CPU
Intel i7 7700HQ Kaby Lake
Motherboard
Micro-Star Intl. MS-179B (U3C1)
Memory
16 GB DDR4 @2400
Graphics Card(s)
Nvidia Geforce GTX 1060
Screen Resolution
1920x1080 120Hz
Hard Drives
256 GB Nvme M.2 SSD

1TB HDD@7200
Cooling
Cooler Blast 4
Keyboard
Steel Series
Antivirus
Bit Defender Free
Browser
Edge
Yes, I have that System Control Manager.. and it is always running..
I am not able to find much information about that program, but I see nothing that suggests that it is compatible with Windows 7.

Reading the description of the program and the error messages in the attach.txt log you posted earlier leads me to recommend that you uninstall that program.

======================

What can you tell me about these files?

Code:
c:\program files\superantispyware\keygen.exe
c:\windows\prefetch\crack.exe-0dad9529.pf
======================

Upload files for scanning
I'd like you to check a file/some files for malware.


c:\program files\superantispyware\keygen.exe
c:\windows\prefetch\crack.exe-0dad9529.pf
  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.


======================

Please post the following for my review:


  • The contents of C:\ComboFix.txt
  • The contents of C:\Qoobox\ComboFix-quarantined-files.txt
  • The VirusTotal or Jotti results
  • Also please tell me what the make and model of this computer is
 

My Computer

Computer Manufacturer/Model Number
Dell Studio 15
OS
Windows 7 Ultimate 64 bit
The log above mentions Uniblue software and TuneUp Utilities. Be aware that these are a very large cause of errors and usually cause problematic situations; most of these end up messing up the system. These programs are actually useless in Windows 7.

Fix any errors caused by this software by running SFC
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Your last resort is a http://www.sevenforums.com/tutorials/3413-repair-install.html

Sorry, but I'm using a notebook so I have no CD/DVD-ROM.. even an external one, so any other suggestion.. :(
Did you run SFC? Remove all these 'system tuners' (TuneUp, Uniblue, WinOptimizer etc...) as they seem to have messed up the whole system

Yes, I did that sfc /scannow and there were corrupted files and I verified it.. and it is okay to uninstall all the system tweak and reg cleaner with Revo Uninstaller..
 

My Computer

OS
Windows 7 Ultimate x32
Your computer may be infected. Please follow the instructions in my last post.
 

My Computer

Computer Manufacturer/Model Number
Dell Studio 15
OS
Windows 7 Ultimate 64 bit
Your computer may be infected. Please follow the instructions in my last post.


Sorry, but that program you mention in the last post refers to that.. the system tweak and reg cleaner or System Control Manager.. it is okay for me to uninstall all the system tweak and reg cleaner with Revo Uninstaller
 

My Computer

OS
Windows 7 Ultimate x32
combofix.txt

ComboFix 11-03-10.02 - avflink 12/03/2011 10:24:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.60.1033.18.1013.484 [GMT 8:00]
Running from: c:\users\avflink\Documents\aIDM\Programs\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Templates\cdkeys.txt
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-12 02:38 . 2011-03-12 02:59 -------- d-----w- c:\users\avflink\AppData\Local\temp
2011-03-12 02:38 . 2011-03-12 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-12 02:38 . 2011-03-12 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 00:16 . 2011-03-12 00:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-11 02:02 . 2011-03-11 02:02 -------- d-----w- c:\program files\ESET
2011-03-10 16:17 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 16:17 . 2011-03-10 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-03-10 16:17 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-10 05:52 . 2011-03-10 05:52 -------- d-----w- c:\users\avflink\AppData\Roaming\SUPERAntiSpyware.com
2011-03-10 05:52 . 2011-03-10 05:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-10 05:52 . 2011-03-10 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-07 07:50 . 2011-03-07 07:50 -------- d-----w- c:\users\avflink\AppData\Local\stub
2011-03-05 16:41 . 2011-03-05 16:41 -------- d-----w- c:\users\avflink\AppData\Local\ODUI
2011-03-05 16:38 . 2011-03-05 16:38 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-03-05 16:13 . 2011-03-05 16:13 -------- d-----w- c:\users\avflink\AppData\Roaming\Stardock
2011-03-05 07:37 . 2011-03-05 12:42 -------- d-----w- c:\programdata\PC Tools
2011-03-04 20:49 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF6C4425-582F-4916-BFD2-D3A0E5960256}\mpengine.dll
2011-03-04 13:01 . 2011-03-04 13:01 -------- d-----w- c:\programdata\Start Orb Manager
2011-03-04 13:01 . 2009-10-31 05:45 2030592 ----a-w- c:\windows\explorer_backup.exe
2011-03-04 11:57 . 2011-03-04 11:57 -------- d-----w- c:\program files\nCube
2011-03-04 07:21 . 2011-03-11 13:17 -------- d-----w- c:\programdata\WinZip
2011-03-02 05:16 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-03-02 05:13 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-01 15:24 . 2011-03-01 15:24 -------- d-----w- c:\users\avflink\AppData\Local\Winamp Toolbar
2011-03-01 05:26 . 2011-03-12 02:41 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-28 07:41 . 2011-03-01 05:18 -------- d-----w- c:\users\avflink\AppData\Local\SRS Labs
2011-02-28 07:41 . 2011-02-28 07:41 -------- d-----w- c:\programdata\SRS Labs
2011-02-28 07:08 . 2011-02-28 07:08 98304 ----a-w- c:\program files\Windows Media Player\wmpband.dll
2011-02-27 03:35 . 2011-02-27 03:35 -------- d-----w- c:\users\avflink\AppData\Roaming\Activision
2011-02-27 03:35 . 2011-02-27 03:35 -------- d-----w- c:\programdata\Activision
2011-02-26 01:01 . 2011-02-26 01:01 -------- d-----w- c:\users\avflink\New folder
2011-02-23 12:04 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 09:59 . 2011-03-11 11:08 -------- d-----w- c:\users\avflink\AppData\Roaming\IDM
2011-02-23 09:59 . 2011-02-23 09:59 -------- d-----w- c:\program files\Internet Download Manager
2011-02-23 08:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 08:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 09:49 . 2011-03-01 05:14 -------- d-----w- c:\program files\Feedback Tool
2011-02-21 16:19 . 2010-06-07 06:59 57904 ----a-w- c:\windows\system32\wbload.dll
2011-02-21 16:19 . 2008-04-26 07:14 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-02-21 12:53 . 2011-02-21 12:51 131584 ----a-w- c:\windows\system32\sndrec32.exe
2011-02-18 09:19 . 2011-02-18 09:19 -------- d-----w- c:\programdata\ParetoLogic
2011-02-18 09:18 . 2011-02-18 09:18 -------- d-----w- c:\programdata\Cached Installations
2011-02-17 00:50 . 2011-02-18 08:47 -------- d-----w- c:\users\avflink\AppData\Local\Dexter the Game
2011-02-17 00:38 . 2011-03-01 05:14 -------- d-----w- c:\program files\Icarus Studios, Inc
2011-02-14 09:59 . 2011-02-14 09:59 -------- d-----w- c:\users\avflink\AppData\Roaming\Lonely Troops
2011-02-14 09:53 . 2011-02-14 09:53 -------- d-----w- c:\programdata\Funny Bear Studio
2011-02-14 09:38 . 2011-03-03 15:25 -------- d-----w- c:\programdata\FarmFrenzy2
2011-02-14 09:37 . 2011-03-03 15:28 -------- d-----w- c:\program files\MyPlayCity.com
2011-02-12 07:15 . 2011-02-12 07:15 -------- d-----w- c:\programdata\Wondershare
2011-02-12 07:12 . 2011-03-01 05:15 -------- d-----w- c:\program files\Wondershare
2011-02-12 00:21 . 2011-03-01 05:14 -------- d-----w- c:\program files\IObit Toolbar
2011-02-12 00:21 . 2011-02-12 00:21 -------- d-----w- c:\program files\Application Updater
2011-02-11 15:52 . 2011-02-11 15:52 -------- d-----w- c:\program files\Memory Washer
2011-02-10 14:51 . 2011-03-01 05:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-10 14:51 . 2011-03-01 05:14 -------- d-----w- c:\program files\Common Files\SRS Labs
2011-02-10 14:51 . 2011-03-01 05:15 -------- d-----w- c:\program files\SRS Labs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 03:10 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 10:27 . 2010-08-14 00:37 22032896 ----a-w- c:\windows\system32\imageres.dll
2011-02-03 05:45 . 2011-02-09 05:34 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 09:11 . 2010-06-01 17:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-25 10:40 . 2011-02-01 14:37 85768 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-01-07 07:27 . 2011-02-09 05:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 05:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 05:36 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 05:37 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 05:37 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 05:37 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38 . 2011-02-09 05:37 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 05:37 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 05:37 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 05:37 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 05:37 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 05:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 05:37 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29 . 2011-02-09 05:36 541184 ----a-w- c:\windows\system32\kerberos.dll
.
.
------- Sigcheck -------
.
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[-] 2009-10-31 . A58FEBE1AFC2D72E803AFAD51BA4F3AF . 2131456 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2009-10-31 . 980572BCDB38D1E54DF473D2C6F8CE62 . 2131456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-02-16 22:44 1882136 ----a-w- c:\program files\ToggleEN\tbTogg.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 07:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\users\avflink\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 07:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-12-31 03:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2010-09-26 09:31 141568 ----a-w- c:\progra~1\DAP\dapieloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MegakeyUpdater"="c:\users\avflink\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-01-13 64000]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"SRSHDAudioLab"="c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe" [2010-12-01 546816]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-10 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-21 2068480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
.
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-3-6 4142448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-12 91136]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 20:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 21:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 16:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Q-Face agent]
2008-12-16 01:52 20792 ----a-w- c:\program files\MSI\MSI Q-Face\WebTest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLASHSYS;FLASHSYS; [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [2010-05-10 22328]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [2010-05-10 25912]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [2010-05-10 16696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3555568]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2010-09-13 12592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1343400]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-10 420920]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIB717.tmp [2010-12-05 86016]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 449408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-26 322664]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-07-02 384752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-01-23 06:11]
.
2011-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-01-23 08:19]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=93.86.162.100:8080;ftp=93.86.162.100:8080;https=93.86.162.100:8080;
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture Web Page - c:\users\avflink\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download remotely with IDA - c:\program files\IDA\remdown.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\users\avflink\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
TCP: {593B376E-676F-48D9-A12E-62FDA99F37BD} = 202.188.0.133,202.188.1.5
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\avflink\AppData\Roaming\Mozilla\Firefox\Profiles\2czp8mth.Firefox3\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: XJZ Survey Remover: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\users\avflink\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - Ext: IDM CC: [email protected] - c:\users\avflink\AppData\Roaming\IDM\idmmzcc3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIB717.tmp\" -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44164FB2-EE55-C560-BF4F-B823942BC67E}*]
"hanbphdeelogcmga"=hex:6b,61,69,6a,65,6c,69,6a,68,67,63,6c,6c,6f,66,67,65,6a,
62,70,69,69,00,00
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAFA642D-4D62-DB26-5DAF-71AAF11AE732}*]
@Allowed: (Read) (RestrictedCode)
"fapbpmemdgdd"=hex:66,61,6b,62,64,67,66,6a,67,69,6d,6a,00,ff
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F990C899-1F76-80FE-6C7F-7E26270AD21D}*]
@Allowed: (Read) (RestrictedCode)
"abnmkilkelhdamplholbichklefeaponif"=hex:6b,61,6f,64,6e,69,67,64,64,6d,64,6f,
62,63,70,61,67,6a,64,63,64,69,00,00
"palcalmfpmeldhbkjibjlcceondpkjll"=hex:6b,61,6f,64,6e,69,67,64,64,6d,64,6f,62,
63,70,61,67,6a,64,63,64,69,00,00
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{09fad736-a6cd-4ebb-bdf0-6bbbdc9ba508}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000103
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e6,4e,41,10,c4,2c,98,b2,df,7b,ad,34,74,cf,94,30,42,2d,58,8e,14,1a,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):32,2c,b5,c1,19,04,09,26,8b,fd,65,d8,69,74,64,d8,e8,bf,40,43,81,
1f,19,5e,00,3f,32,91,f3,95,0f,d4,43,83,8c,b1,7e,9d,2d,96,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{64f0b0da-4b97-4504-94d4-ff83482c0658}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000038
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c5,99,62,4a,07,f0,eb,2e,eb,ec,0e,eb,2f,46,06,65,6f,97,c8,38,72,
c4,83,f4,bf,d5,f9,fd,5c,b9,be,4c,f2,96,b8,03,3b,eb,2b,48,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3244)
c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-03-12 11:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-12 03:04
ComboFix2.txt 2011-03-11 12:24
.
Pre-Run: 31,885,910,016 bytes free
Post-Run: 31,832,518,656 bytes free
.
- - End Of File - - 176DEC84EE1A00C72122BE4579113B3F

==========
combofix-quarantined-file.txt

2011-03-12 01:37:09 . 2011-02-26 15:11:26 175,104 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe.vir
2011-03-12 00:27:10 . 2011-03-12 00:38:45 5,263 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Microsoft\Windows\Templates\cdkeys.txt.vir
2011-03-11 12:21:31 . 2011-03-11 12:21:31 478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GetAmped2_US.reg.dat
2011-03-11 12:21:30 . 2011-03-11 12:21:30 1,258 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Dexter The Game.reg.dat
2011-03-11 12:19:00 . 2011-03-11 12:19:00 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-My Web Search Bar Search Scope Monitor.reg.dat
2011-03-11 12:18:46 . 2011-03-11 12:18:46 434 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-WBSrv.reg.dat
2011-03-11 12:17:31 . 2011-03-11 12:17:31 168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-cacaoweb.reg.dat
2011-03-11 12:17:30 . 2011-03-11 12:17:30 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793}.reg.dat
2011-03-11 12:17:29 . 2011-03-11 12:17:29 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}.reg.dat
2011-03-11 12:17:09 . 2011-03-11 12:17:09 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-03-11 12:04:45 . 2011-03-11 12:04:45 1,128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MyWebSearchService.reg.dat
2011-03-11 12:04:12 . 2011-03-12 02:34:16 7,672 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-11 11:52:31 . 2011-03-12 02:24:03 274 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-03-01 04:24:23 . 2011-03-01 04:24:28 1,724 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00094C6A.bin.vir
2011-03-01 04:24:22 . 2011-03-01 04:24:23 1,620 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00094A0A.bmp.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:22 215 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\000943A4.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:21 1,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search3.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:20 56,521 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm.vir
2011-03-01 04:24:15 . 2011-03-01 04:24:20 56,521 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00092C9B.vir
2011-01-30 09:07:23 . 2011-01-30 09:07:23 0 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\ad1873C64B.ad.vir
2011-01-30 05:55:14 . 2011-01-30 06:03:42 27 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\adstorage.db.vir
2011-01-30 05:55:14 . 2011-01-30 09:07:44 25 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\storage.db.vir
2011-01-30 05:55:09 . 2011-01-30 06:03:37 346,864 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\cacaoweb.exe.vir
2011-01-28 09:36:34 . 2011-01-28 09:36:34 726,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 24 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 12,782 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\WB.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\SMILEY.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 10,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\PSS.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\MFC.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\CM.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 56,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 66,726 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 56,438 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 113,081 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 243,509 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 149,817 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 155,471 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 43,287 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 122,747 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAID.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 272,367 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 129,559 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 106,998 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\FISH.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 71,675 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\DOG.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 301,118 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 87,778 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 330,710 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 89,655 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 3,844 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR.vir
2011-01-28 06:19:31 . 2011-01-28 06:19:29 32,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 28,762 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 796,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 77,913 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 57,447 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 73,813 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 155,738 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,500 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,479 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 86,078 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,501 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 715 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 3,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 20,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 305 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 5,446 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 28,776 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 32,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 77,906 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 278,610 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 86,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 139,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 139,130 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 133 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST.vir
2010-12-29 14:22:43 . 2010-12-29 14:28:44 122 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi.vir
2010-12-29 14:22:43 . 2010-12-29 14:28:44 1,471 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi.vir
2010-12-29 14:22:42 . 2010-12-29 14:28:46 269 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\.ddr.vir
2010-12-29 14:22:20 . 2010-12-29 14:22:20 7,716,864 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 316 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 348 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 384 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk.vir
2010-12-29 08:03:34 . 2010-12-29 09:21:04 33 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr.vir
2010-12-29 08:03:31 . 2010-12-29 08:06:18 4,199,082 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.vir
2010-12-11 07:16:00 . 2010-12-11 07:16:01 75,473 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\pic\Img1.jpeg.vir
2010-12-11 07:00:36 . 2010-12-11 07:00:36 100,941 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\pic\Img%.jpeg.vir
2010-12-11 07:00:36 . 2010-12-11 07:00:36 48 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\melt.txt.vir
2010-12-11 07:00:31 . 2010-12-11 07:00:31 4,499 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\cd.txt.vir
2010-12-11 07:00:30 . 2010-12-11 07:00:30 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\Decrypt.txt.vir
2010-11-21 01:25:53 . 2010-11-21 01:25:53 51 ----a-w- C:\Qoobox\Quarantine\C\autorun.inf.vir
2010-11-21 01:24:55 . 2011-03-09 03:10:58 53,248 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\chrtmp.vir
2009-07-13 23:34:20 . 2009-07-14 01:14:43 26,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir
2006-02-26 23:40:21 . 2006-02-26 23:40:21 15 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\logs.dat.vir
2005-07-06 16:41:12 . 2005-07-06 16:41:12 98,343 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\14_43260.dll.vir
2005-07-06 16:41:12 . 2005-07-06 16:41:12 57,383 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\28_83260.dll.vir
========
This is the report from VirusTotal:
c:\program files\superantispyware\keygen.exe
Antivirus, Version, Last Update, Result
AhnLab-V3, 2011.03.15.02, 2011.03.15, -
AntiVir, 7.11.4.204, 2011.03.15, -
Antiy-AVL, 2.0.3.7, 2011.03.15, -
Avast, 4.8.1351.0, 2011.03.14, -
Avast5, 5.0.677.0, 2011.03.14, -
BitDefender, 7.2, 2011.03.15, -
CAT-QuickHeal, 11.00, 2011.03.15, -
ClamAV, 0.96.4.0, 2011.03.14, -
Commtouch, 5.2.11.5, 2011.03.15, -
Comodo, 7987, 2011.03.15, -
DrWeb, 5.0.2.03300, 2011.03.15, -
Emsisoft, 5.1.0.2, 2011.03.15, HackTool.Win32.Ke!IK
eSafe, 7.0.17.0, 2011.03.14, -
eTrust-Vet, 36.1.8216, 2011.03.15, -
F-Prot, 4.6.2.117, 2011.03.15, -
F-Secure, 9.0.16440.0, 2011.03.14, -
Fortinet, 4.2.254.0, 2011.03.15, -
GData, 21, 2011.03.15, -
Ikarus, T3.1.1.97.0, 2011.03.15, HackTool.Win32.Ke
Jiangmin, 13.0.900, 2011.03.15, -
K7AntiVirus, 9.93.4109, 2011.03.15, -
Kaspersky, 7.0.0.125, 2011.03.15, -
McAfee, 5.400.0.1158, 2011.03.15, Artemis!F75852775406
McAfee-GW-Edition, 2010.1C, 2011.03.15, Artemis!F75852775406
Microsoft, 1.6603, 2011.03.15, HackTool:Win32/Keygen
NOD32, 5953, 2011.03.14, -
Norman, 6.07.03, 2011.03.14, -
nProtect, 2011-02-10.01, 2011.02.15, -
Panda, 10.0.3.5, 2011.03.14, -
PCTools, 7.0.3.5, 2011.03.11, -
Prevx, 3.0, 2011.03.15, -
Rising, 23.49.01.03, 2011.03.15, -
Sophos, 4.63.0, 2011.03.15, -
SUPERAntiSpyware, 4.40.0.1006, 2011.03.15, -
Symantec, 20101.3.0.103, 2011.03.15, WS.Reputation.1
TheHacker, 6.7.0.1.150, 2011.03.15, -
TrendMicro, 9.200.0.1012, 2011.03.15, -
TrendMicro-HouseCall, 9.200.0.1012, 2011.03.15, -
VBA32, 3.12.14.3, 2011.03.14, -
VIPRE, 8708, 2011.03.15, -
ViRobot, 2011.3.15.4357, 2011.03.15, -
VirusBuster, 13.6.249.3, 2011.03.14, -

Additional information
MD5 : f75852775406d209ed523458792f796d
SHA1 : c366e4d6c8682f2603dce42504b63a6a310222ac
SHA256: d93fade6e6e760d028bebd23335fcf0bf1c84dd8321c2e9f2a8024be7050f4b7
ssdeep: 6144:hRAjFBlDyLrM2/YuPIaE4IgxwZ/A4hOt2PNvuO:AlDyLrMDkQv6in
File size : 266240 bytes
First seen: 2010-01-02 22:12:18
Last seen : 2011-03-15 08:11:54
TrID:
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
sigcheck:
publisher....: AT4RE
copyright....:
product......:
description..: Prince _ AT4RE
original name:
internal name:
file version.: 2.0.0.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (F-Prot): UPX
packers (Kaspersky): UPX
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xD0DE0
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x93000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x94000, 0x3D000, 0x3D000, 7.92, eb83bc5a278dc67cbd3bdefc1215a1a1
.rsrc, 0xD1000, 0x4000, 0x3C00, 4.66, 2a436db29540a70cb46eeff7ad85fc20

[[ 9 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
advapi32.dll: RegFlushKey
comctl32.dll: ImageList_Add
comdlg32.dll: ChooseColorA
gdi32.dll: SaveDC
ole32.dll: CoInitialize
oleaut32.dll: VariantCopy
user32.dll: GetDC
version.dll: VerQueryValueA
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 249856
Comments:
CompanyName: AT4RE
EntryPoint: 0xd0de0
FileDescription: Prince | AT4RE
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 260 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2.0.0.0
FileVersionNumber: 1.0.0.0
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName:
LanguageCode: English (U.S.)
LegalCopyright:
LegalTrademarks:
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename:
PEType: PE32
ProductName:
ProductVersion: 1.0.0.0
ProductVersionNumber: 1.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 602112
==============

c:\windows\prefetch\crack.exe-0dad9529.pf

Antivirus, Version, Last Update, Result
AhnLab-V3, 2011.03.15.02, 2011.03.15, -
AntiVir, 7.11.4.204, 2011.03.15, -
Antiy-AVL, 2.0.3.7, 2011.03.15, -
Avast, 4.8.1351.0, 2011.03.14, -
Avast5, 5.0.677.0, 2011.03.14, -
AVG, 10.0.0.1190, 2011.03.14, -
BitDefender, 7.2, 2011.03.15, -
CAT-QuickHeal, 11.00, 2011.03.15, -
ClamAV, 0.96.4.0, 2011.03.14, -
Commtouch, 5.2.11.5, 2011.03.15, -
Comodo, 7987, 2011.03.15, -
DrWeb, 5.0.2.03300, 2011.03.15, -
Emsisoft, 5.1.0.2, 2011.03.15, -
eSafe, 7.0.17.0, 2011.03.14, -
eTrust-Vet, 36.1.8216, 2011.03.15, -
F-Prot, 4.6.2.117, 2011.03.15, -
F-Secure, 9.0.16440.0, 2011.03.14, -
Fortinet, 4.2.254.0, 2011.03.15, -
GData, 21, 2011.03.15, -
Ikarus, T3.1.1.97.0, 2011.03.15, -
Jiangmin, 13.0.900, 2011.03.15, -
K7AntiVirus, 9.93.4109, 2011.03.15, -
Kaspersky, 7.0.0.125, 2011.03.15, -
McAfee, 5.400.0.1158, 2011.03.15, -
McAfee-GW-Edition, 2010.1C, 2011.03.15, -
Microsoft, 1.6603, 2011.03.15, -
NOD32, 5953, 2011.03.14, -
Norman, 6.07.03, 2011.03.14, -
nProtect, 2011-02-10.01, 2011.02.15, -
Panda, 10.0.3.5, 2011.03.14, -
PCTools, 7.0.3.5, 2011.03.11, -
Prevx, 3.0, 2011.03.15, -
Rising, 23.49.01.03, 2011.03.15, -
Sophos, 4.63.0, 2011.03.15, -
SUPERAntiSpyware, 4.40.0.1006, 2011.03.15, -
Symantec, 20101.3.0.103, 2011.03.15, -
TheHacker, 6.7.0.1.150, 2011.03.15, -
TrendMicro, 9.200.0.1012, 2011.03.15, -
TrendMicro-HouseCall, 9.200.0.1012, 2011.03.15, -
VBA32, 3.12.14.3, 2011.03.14, -
VIPRE, 8708, 2011.03.15, -
ViRobot, 2011.3.15.4357, 2011.03.15, -
VirusBuster, 13.6.249.3, 2011.03.14, -

Additional information
MD5 : 53054225fd43e7c25352cdf9d2c2cf8e
SHA1 : 44c7f419a5fb00c8c99faa76a2c6d0140dfdd7a9
SHA256: 5f4ec36d8df07eca9743bfed05b0e7e7d2420dd38eb26c77b4db113777b35763
ssdeep: 1536:xkLkexFGd3zVjK51v97sPF/IIVwaTi4Xb9pUfYzgCAFcn1zkecMn+5ju0l7K:SF06ILDppUfYz5AF6kW
File size : 103018 bytes
First seen: 2011-03-15 08:28:50
Last seen : 2011-03-15 08:28:50
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
==========
The manufacturer of this netbook is MICRO-STAR INTERNATIONAL CO.,LTD
The model of this notebook is u100 plus..
======
Once again I ask: can I uninstall all the system tweak and reg cleaner programs with Revo Uninstaller? I'm just afraid I'll mess up the system again..
 

sorry but that program you mention in last post refer to that..the system tweak and reg cleaner or system control manager..it is okay to me to uninstall all the system tweak and reg cleaner with Revo Uninstaller
Please hold off on uninstalling those programs, or making any other changes to your computer for the time being.

ComboFix indicated that the system file userinit.exe was infected. I would like you to upload the quarantined file to VirusTotal and see if we can get some info regarding what infected your system.

Upload File for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

===============

Please note:
The use of cracks and keygens, in addition to being illegal, is a likely cause of your computer becoming infected.

===============

Please tell me what the make and model of your computer is in your next reply.
 

Interesting - userinit.exe.vir scans came back clean.

Your netbook will have a Recovery partition that can be used to restore it to the factory defaults. That will not format the hard drive - to do that you will need installation media from MSI and a USB Optical Drive or another computer with which to create a bootable Flash Drive.

Contact MSI - they should be able to provide instructions for restoring the computer, or provide you with the media (for a small charge).

You'll need to back up your personal files and folders before doing the restore.

How to Back Up Your Data

Before you transfer your files to your clean computer, follow Jacee's instructions and do an online scan with ESET to make certain they are not infected.

To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online
 


Carolyn, is there no other way?
Maybe I can do a rescue disk..
 

A rescue disk won't help here.
 


Oww.. it's okay then.. thanks for all the help you gave me, Carolyn.. and all who responded and helped me.. thank you so much.. love you all.. (I'm not gay!!) :D...
 
