Inactive Bamital-AC found in wininit file

Discussion in 'Malware and Virus Removal Archive' started by Pie Eyed, 2010/12/16.

  1. 2010/12/16
    Pie Eyed

    Hi guys.

    Hope you can help with this.

    I've recently been having problems with the Windows taskbar constantly opening/closing and taking up to 70% of the CPU, before crashing altogether and taking the Windows icons with it.

    Anyway, NOD is reporting Bamital-AC found in file SysWOW64\Wininit.exe, and I have no idea if the 2 problems are related.

    Either way, I'd like to remove this infection.

    My logs are as follows (all run in safe mode if that makes a difference, due to "normal" Windows crashing Explorer):
    ------------------------------------------------------
    MBAM:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5324

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    15/12/2010 23:22:54
    mbam-log-2010-12-15 (23-22-54).txt

    Scan type: Quick scan
    Objects scanned: 152220
    Time elapsed: 1 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ------------------------------------------------------
    DDS Log

    DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
    Run by Craig at 23:37:20.35 on 15/12/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6143.4811 [GMT 0:00]

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Craig\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    uRun: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
    uRun: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Pando Media Booster] "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe "
    mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe "
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe "
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe "
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe "
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\Skype4COM.dll
    TB-X64: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
    TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe "
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe "
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.rlfans.com/viewforum.php?f=28
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: IE View Lite: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} - %profile%\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-12-13 69152]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1389400]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-5-27 34032]
    S1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
    S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203776]
    S2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-10-26 464264]
    S2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-10-26 234888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-5-14 731840]
    S2 EmmaDevMgmtSvc;Emma Device Management;C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-6-3 403064]
    S2 EmmaUpdMgmtSvc;Emma Update Management;C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-6-3 193656]
    S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-5-14 121152]
    S2 FlexService;Remote Connections Service;C:\Program Files (x86)\RapidBIT\cisvc.exe [2009-5-17 41984]
    S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-5-27 90112]
    S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
    S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-26 8120320]
    S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-26 289792]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-5-27 13352]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
    S3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-7 1255736]

    =============== Created Last 30 ================

    2010-12-16 05:19:40 -------- d-----w- C:\Boot
    2010-12-15 22:14:37 -------- d-----w- C:\Windows\LastGood.Tmp
    2010-12-15 21:21:02 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-12-15 19:26:46 -------- d-----w- C:\$UPGRADE.~OS
    2010-12-14 20:39:19 -------- d-----w- C:\Users\Craig\AppData\Roaming\Malwarebytes
    2010-12-14 20:39:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-14 20:39:14 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-14 20:39:11 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-14 20:39:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-13 22:11:45 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2010-12-13 22:11:42 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2010-12-13 22:10:40 -------- d-----w- C:\Users\Craig\AppData\Local\Sunbelt Software
    2010-12-13 21:13:29 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-12 12:21:24 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-12-10 10:23:30 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C8FF2229-2228-4B50-9DDD-720049530FD2}\mpengine.dll
    2010-12-09 18:41:09 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2010-12-09 18:41:07 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2010-11-30 15:28:23 -------- d-----w- C:\Program Files (x86)\Iceberg Interactive
    2010-11-30 15:19:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2010-11-30 15:19:17 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2010-11-30 15:19:17 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2010-11-30 15:19:16 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2010-11-30 15:19:16 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-30 15:19:03 8192 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
    2010-11-30 09:31:14 -------- d-----w- C:\PROGRA~3\PokerAcademyPro2
    2010-11-30 09:30:29 -------- d-----w- C:\Users\Craig\AppData\Roaming\PokerAcademyPro2
    2010-11-30 09:27:16 -------- d-----w- C:\Program Files (x86)\PokerAcademyPro2
    2010-11-28 16:24:55 -------- d-----w- C:\My Web Sites
    2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

    ==================== Find3M ====================

    2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-11-26 02:24:38 58880 ----a-w- C:\Windows\System32\coinst.dll
    2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-10-21 18:45:13 9325056 ----a-w- C:\Users\Craig\FahCore_a3.exe
    2010-10-19 10:41:44 270720 ----a-w- C:\Windows\System32\MpSigStub.exe

    ============= FINISH: 23:37:45.53 ===============
    ------------------------------------------------------
    DDS Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/10/2009 00:18:09
    System Uptime: 15/12/2010 23:00:54 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M4A79T Deluxe
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3210/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 1397 GiB total, 381.889 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 234 GiB total, 66.481 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter

    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: ATK0110 ACPI UTILITY
    Device ID: ACPI\ATK0110\1010110
    Manufacturer: ATK
    Name: ATK0110 ACPI UTILITY
    PNP Device ID: ACPI\ATK0110\1010110
    Service: MTsensor

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: ehdrv
    Device ID: ROOT\LEGACY_EHDRV\0000
    Manufacturer:
    Name: ehdrv
    PNP Device ID: ROOT\LEGACY_EHDRV\0000
    Service: ehdrv

    ==== System Restore Points ===================

    RP186: 30/11/2010 13:13:30 - Windows Update
    RP187: 30/11/2010 15:19:25 - Device Driver Package Install: ATK System devices
    RP188: 03/12/2010 22:55:06 - Windows Update
    RP189: 07/12/2010 20:59:15 - Windows Update
    RP190: 09/12/2010 18:40:05 - Installed DirectX
    RP191: 09/12/2010 18:40:51 - Installed DirectX
    RP192: 09/12/2010 20:06:22 - Installed DirectX
    RP193: 10/12/2010 10:23:10 - Windows Update
    RP194: 12/12/2010 12:19:38 - Windows Update

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    Advertising Center
    ATI Catalyst Registration
    BBC iPlayer Desktop
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    CloneCD
    CloneDVD2
    DolbyFiles
    EasyBCD 1.7.2
    Emma Core
    Farm Frenzy 3
    Folding@home-gpu
    GSkype 1.5
    Guild Wars
    HydraVision
    ImagXpress
    ImgBurn
    Java(TM) 6 Update 16
    Malwarebytes' Anti-Malware
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MOUSE Editor
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Notepad++
    Orb
    Orb Runtime libraries
    Pando Media Booster
    Poker Academy Pro 2
    Poker Simulator 1.3
    RapidBIT Suite
    Rapport
    RealPlayer
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    SEMC OMSI Module
    Skype Toolbars
    Skype™ 4.2
    Sony Ericsson PC Companion 1.60.13
    Sony Ericsson PC Suite 6.011.00
    SopCast 3.2.4
    SoundTrax
    SSC Service Utility v4.30
    System Requirements Lab
    The Lord of the Rings FREE Trial
    The Lord of the Rings Online™: Mines of Moria™ v02.02.03.8041
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    Update Service
    Veetle TV 0.9.18
    VirtualCloneDrive
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.4
    VMware Workstation
    Vuze
    Vuze Toolbar
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar

    ==== End Of File ===========================

    ------------------------------------------------------
     
  2. 2010/12/16
    Pie Eyed
    GMER Log:
    ------------------------------------------------------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-16 20:39:38
    Windows 6.1.7600
    Running: e3x5wcxc.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008f4003f4a
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008f4003f4a (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------------------
    MBR Check
    ------------------------------------------------------
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 129):
    0x02249000 \SystemRoot\system32\ntoskrnl.exe
    0x02200000 \SystemRoot\system32\hal.dll
    0x00BC7000 \SystemRoot\system32\kdcom.dll
    0x00CB0000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CBD000 \SystemRoot\system32\PSHED.dll
    0x00CD1000 \SystemRoot\system32\CLFS.SYS
    0x00D2F000 \SystemRoot\system32\CI.dll
    0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DEF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EBE000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F15000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F1E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F28000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F5B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F68000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F7D000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F92000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FEE000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E2A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E5D000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00E68000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01050000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01064000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x01200000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01079000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013A3000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x010D7000 \SystemRoot\System32\Drivers\cng.sys
    0x013BD000 \SystemRoot\System32\drivers\pcw.sys
    0x013CE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014FD000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01600000 \SystemRoot\System32\drivers\tcpip.sys
    0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x014D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x0114A000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01196000 \SystemRoot\System32\drivers\rdyboost.sys
    0x013D8000 \SystemRoot\System32\Drivers\mup.sys
    0x014ED000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x013EA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x011D0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x015EF000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x02A1F000 \SystemRoot\System32\Drivers\Null.SYS
    0x02A28000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02A52000 \SystemRoot\System32\drivers\vga.sys
    0x02A60000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02A85000 \SystemRoot\System32\drivers\watchdog.sys
    0x02A95000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02A9E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02AA9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02ABA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02AD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02AE5000 \SystemRoot\system32\drivers\afd.sys
    0x02B6F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02BB4000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x02BBF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02BC8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02BEE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02CFC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02D4D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02D59000 \SystemRoot\system32\drivers\csc.sys
    0x02DDC000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02C26000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02C4A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x02CA0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x02CDE000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x07043000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x07099000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x070AA000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
    0x070B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x070E2000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x070EF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x070F8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x07109000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x07119000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x07124000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0713A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0715E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0716A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x07199000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x071B4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x071D5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x071EF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x07000000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x07014000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x07023000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x07032000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x074A3000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x074D2000 \SystemRoot\system32\DRIVERS\seehcri.sys
    0x074DE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x074E0000 \SystemRoot\system32\DRIVERS\ks.sys
    0x07523000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x07527000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x07539000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x07593000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x075A8000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x07400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0741D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0741F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0743A000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x07446000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x07454000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0746D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x07476000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x07483000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x07491000 \??\C:\Windows\system32\drivers\VMkbd.sys
    0x02CE9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02A00000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x02A0C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x02A2F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000D0000 \SystemRoot\System32\win32k.sys
    0x02A42000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00500000 \SystemRoot\System32\drivers\dxg.sys
    0x006E0000 \SystemRoot\System32\TSDDD.dll
    0x009E0000 \SystemRoot\System32\framebuf.dll
    0x0849D000 \SystemRoot\system32\drivers\WudfPf.sys
    0x084BE000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x084DC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x084F4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x08521000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0856F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x774B0000 \Windows\System32\ntdll.dll
    0x47FE0000 \Windows\System32\smss.exe
    0xFF7D0000 \Windows\System32\apisetschema.dll

    Processes (total 30):
    0 System Idle Process
    4 System
    ------------------------------------------------------
    VirusTotal report on SysWOW64\Wininit.exe
    ------------------------------------------------------
    Antivirus Version Last Update Result
    AhnLab-V3 2010.12.16.00 2010.12.15 -
    AntiVir 7.11.0.45 2010.12.15 TR/Spy.96256.33
    Antiy-AVL 2.0.3.7 2010.12.16 Trojan/Win32.Patched.gen
    Avast 4.8.1351.0 2010.12.15 Win32:Bamital-AE
    Avast5 5.0.677.0 2010.12.15 Win32:Bamital-AE
    AVG 9.0.0.851 2010.12.16 Win32/Patched
    BitDefender 7.2 2010.12.16 Trojan.Patched.GM
    CAT-QuickHeal 11.00 2010.12.16 Trojan.Patched.JW
    ClamAV 0.96.4.0 2010.12.16 Trojan.Patched-155
    Command 5.2.11.5 2010.12.16 W32/Bamital.C
    Comodo 7079 2010.12.16 TrojWare.Win32.Patched.kl
    DrWeb 5.0.2.03300 2010.12.16 Win32.Dat.12
    Emsisoft 5.1.0.1 2010.12.16 Trojan.Win32.Patched!IK
    eSafe 7.0.17.0 2010.12.15 -
    eTrust-Vet 36.1.8043 2010.12.15 Win32/Bamital.AP
    F-Prot 4.6.2.117 2010.12.16 W32/Bamital.C
    F-Secure 9.0.16160.0 2010.12.16 Trojan.Patched.GM
    Fortinet 4.2.254.0 2010.12.15 W32/Pached.KL!tr
    GData 21 2010.12.16 Trojan.Patched.GM
    Ikarus T3.1.1.90.0 2010.12.16 Trojan.Win32.Patched
    Jiangmin 13.0.900 2010.12.16 -
    K7AntiVirus 9.73.3258 2010.12.15 Virus
    Kaspersky 7.0.0.125 2010.12.16 Trojan.Win32.Patched.kl
    McAfee 5.400.0.1158 2010.12.16 W32/Bamital.a
    McAfee-GW-Edition 2010.1C 2010.12.15 Heuristic.BehavesLike.Win32.Suspicious.H
    Microsoft 1.6402 2010.12.16 Virus:Win32/Bamital.F
    NOD32 5706 2010.12.15 Win32/Bamital.EL
    Norman 6.06.12 2010.12.15 W32/Patched.AJ
    nProtect 2010-12-16.01 2010.12.16 Trojan.Patched.GM
    Panda 10.0.2.7 2010.12.15 W32/Patched.AC
    PCTools 7.0.3.5 2010.12.16 Virus.Bamital
    Prevx 3.0 2010.12.16 -
    Rising 22.78.03.02 2010.12.16 Trojan.Win32.Generic.5240EE9F
    Sophos 4.60.0 2010.12.16 Troj/Patched-O
    SUPERAntiSpyware 4.40.0.1006 2010.12.16 -
    Symantec 20101.3.0.103 2010.12.16 Trojan.Bamital!inf
    TheHacker 6.7.0.1.101 2010.12.15 -
    TrendMicro 9.120.0.1004 2010.12.15 PE_PATCHED.SMC
    TrendMicro-HouseCall 9.120.0.1004 2010.12.16 PE_PATCHED.SMC
    VBA32 3.12.14.2 2010.12.14 -
    VIPRE 7674 2010.12.16 Virus.Win32.Bamital.c (v)
    ViRobot 2010.12.16.4203 2010.12.16 Win32.Patched.AF
    VirusBuster 13.6.96.0 2010.12.15 Trojan.Bamital.Gen.3


    Additional information
    MD5 : e9dbd2c7bf2226ab08bf1af93c6acad2
    SHA1 : 53a11ab30524f63b8951c9bfaffb99031be8a112
    SHA256: 07c82f574c75ead466adbede4c67ba669473f8bb03be2ff005970b9eb47641a2
    ssdeep: 1536:AGDwCs1vXHQ19f7gimiMoQqmokUuXYz2C/6gBoBZyoZLB//cVU2n:AG8Cs1vk576o+XzMoBZyoZLdcPn
    File size : 96256 bytes
    First seen: 2010-12-16 07:20:18
    Last seen : 2010-12-16 07:20:18
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Windows Start-Up Application
    original name: WinInit.exe
    internal name: WinInit
    file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x4DC8
    timedatestamp....: 0x4A5BC50F (Mon Jul 13 23:36:47 2009)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x13B7B, 0x13C00, 6.33, 30347c847fc1312a5ad6497c4d4031a6
    .data, 0x15000, 0x8D4, 0x800, 1.62, f7a5b83b22b50ef2bb97fee4c7db73d4
    .rsrc, 0x16000, 0x18F8, 0x1A00, 3.89, f83307e1a9d24d061a924f2b8eaceeb1
    .reloc, 0x18000, 0x14C4, 0x1600, 6.65, f39439410d625e3fc948d59ac7234abc

    [[ 8 import(s) ]]
    USER32.dll: SetWindowStationUser, SwitchDesktopWithFade, LoadLocalFonts, SetWindowsHookExW, RegisterLogonProcess, SetProcessWindowStation, CreateDesktopW, CloseDesktop, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, UpdatePerUserSystemParameters, RecordShutdownReason, GetAsyncKeyState, ExitWindowsEx, UnhookWindowsHookEx, SetThreadDesktop, CreateWindowStationW
    msvcrt.dll: _vsnwprintf, _wcsicmp, memcpy, memmove, wcschr, __getmainargs, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, __p__commode, __p__fmode, __set_app_type, _except_handler4_common, _terminate@@YAXXZ, _controlfp, memset, wcsstr
    ntdll.dll: RtlNtStatusToDosError, RtlInitUnicodeString, NtShutdownSystem, RtlDeregisterWaitEx, RtlFreeHeap, RtlAllocateHeap, EtwEventEnabled, EtwEventWrite, EtwEventUnregister, EtwEventRegister, NtOpenProcessToken, RtlRemovePrivileges, NtClose, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, RtlRegisterWait, RtlDestroyEnvironment, NtSetValueKey, NtReplyPort, NtCreateKey, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtAllocateLocallyUniqueId, TpSimpleTryPost, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlUnhandledExceptionFilter, NtQueryInformationProcess, NtQuerySystemInformation, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareUnicodeString, NtPrivilegeObjectAuditAlarm, EtwEventWriteEndScenario, EtwEventWriteStartScenario, EtwEventActivityIdControl, NtPrivilegeCheck, NtOpenThreadToken, RtlAllocateAndInitializeSid, RtlInitializeCriticalSection, NtQueryInformationToken, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, RtlCreateEnvironment, NtCreateEvent, RtlAdjustPrivilege, NtSystemDebugControl, NtCompleteConnectPort
    API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegDeleteValueW, RegQueryValueExA, RegQueryInfoKeyA, RegQueryInfoKeyW, RegEnumValueW, RegGetValueW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey
    RPCRT4.dll: RpcBindingFree, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcBindingServerFromClient, RpcRevertToSelf, RpcImpersonateClient, RpcServerInqCallAttributesW, RpcServerListen, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcExceptionFilter, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcServerInqBindings, UuidFromStringW, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, RpcServerTestCancel, RpcAsyncAbortCall, I_RpcBindingIsClientLocal, NdrAsyncClientCall, RpcBindingCopy, RpcBindingCreateW, RpcBindingBind, RpcServerUseProtseqW, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcBindingUnbind, NdrClientCall2, NdrServerCall2, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcMgmtIsServerListening
    KERNEL32.dll: SetEvent, CreateTimerQueueTimer, SetErrorMode, GetTickCount, GetWindowsDirectoryW, FindFirstFileW, FindClose, HeapSetInformation, CreateProcessW, InterlockedExchange, CreateThread, SleepEx, GetCurrentProcessId, SetThreadExecutionState, Sleep, ResetEvent, WaitForSingleObject, QueueUserWorkItem, WaitForSingleObjectEx, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, LoadLibraryW, GetProcAddress, GetFileAttributesW, SetTimerQueueTimer, OpenProcess, GetModuleHandleW, CreateRemoteThread, ResumeThread, DeleteTimerQueueTimer, RegDeleteTreeW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, MoveFileExW, LocalSize, LocalReAlloc, FindFirstVolumeW, GetDriveTypeW, DeleteFileW, FindNextVolumeW, FindVolumeClose, lstrcmpiW, GetShortPathNameW, CreateFileW, LocalAlloc, ReadFile, CreateDirectoryW, LocalFree, SetLastError, lstrlenW, GetVersionExW, CreateEventW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, SystemTimeToFileTime, GetLocalTime, LockResource, LoadResource, FindResourceExW, GetProcessHeap, FreeLibrary, GetComputerNameW, SetEnvironmentVariableW, GetLastError, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, GetExitCodeProcess, CloseHandle, WaitForMultipleObjectsEx, ExpandEnvironmentStringsW
    API_MS_Win_Security_LSALookup_L1_1_0.dll: LookupAccountSidLocalW
    profapi.dll: -
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 80896
    CompanyName: Microsoft Corporation
    EntryPoint: 0x4dc8
    FileDescription: Windows Start-Up Application
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 94 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    FileVersionNumber: 6.1.7600.16385
    ImageVersion: 6.1
    InitializedDataSize: 14848
    InternalName: WinInit
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 187.7
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 6.1
    ObjectFileType: Executable application
    OriginalFilename: WinInit.exe
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 6.1.7600.16385
    ProductVersionNumber: 6.1.7600.16385
    Subsystem: Windows GUI
    SubsystemVersion: 6.1
    TimeStamp: 2009:07:14 01:36:47+02:00
    UninitializedDataSize: 0
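    Added here as an example and not code posted in this thread: a PowerShell script (save as a .ps1 and run from an elevated prompt) that compares wininit.exe against the copies staged in the WinSxS component store, the same source ComboFix restores from, and reports the file's Authenticode status, the signal behind the sigcheck "Unsigned" line above. The target path and the component-directory prefix are assumptions based on the Windows 7 x64 layout in the log.

```powershell
# Added example, not from the thread: check a core Windows binary against the
# WinSxS component store and report its Authenticode status.
# Assumes the Windows 7 x64 layout seen in the log; run elevated.
param(
    [string]$Target = 'C:\Windows\System32\wininit.exe',
    # WinSxS component directories for this file start with this prefix on x64 Windows 7
    [string]$ComponentPrefix = 'amd64_microsoft-windows-wininit_*'
)

function Get-FileSha256 {
    param([string]$Path)
    # Get-FileHash only exists from PowerShell 4.0, so use .NET directly; this also
    # works on the PowerShell 2.0 that ships with Windows 7.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

$targetHash = Get-FileSha256 $Target
Write-Host "Target : $Target"
Write-Host "SHA256 : $targetHash"

# Step 1: signature status. wininit.exe is signed through a security catalog, and
# Get-AuthenticodeSignature only consults catalogs from PowerShell 5.1 onward, so
# 'NotSigned' on an older host is not by itself proof of tampering; 'HashMismatch' is.
$sig = Get-AuthenticodeSignature -FilePath $Target
Write-Host "Status : $($sig.Status)"

# Step 2: hash the installed file against every staged copy of the component.
# A clean file matches at least one of them (the installed copy is typically a
# hard link to the matching WinSxS file).
$leaf = Split-Path -Path $Target -Leaf
$copies = Get-ChildItem -Path 'C:\Windows\winsxs' -Filter $ComponentPrefix -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path -Path $_.FullName -ChildPath $leaf } |
    Where-Object { Test-Path -Path $_ }

$matching = @()
foreach ($copy in $copies) {
    $copyHash = Get-FileSha256 $copy
    if ($copyHash -eq $targetHash) {
        $matching += $copy
        Write-Host ("MATCH    {0}" -f $copy)
    } else {
        Write-Host ("differs  {0}" -f $copy)
    }
}

if ($matching.Count -eq 0) {
    Write-Warning "$Target matches none of $(@($copies).Count) WinSxS copies; treat it as patched."
    # sfc checks the file against the catalog-signed component store and can repair
    # it from there, which is the supported way to restore a patched system file.
    Write-Host "Verify : sfc /VERIFYFILE=$Target"
    Write-Host "Repair : sfc /SCANFILE=$Target"
} else {
    Write-Host "OK     : $Target matches the component store."
}
```

    A patched file of the kind reported above (same version string, different bytes) shows up here as "differs" against every staged copy, which is what makes the component-store comparison useful when the antivirus verdicts disagree.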
     


  4. 2010/12/16
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    MBRCheck log is incomplete.
    Please, redo.

    Then...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/12/17
    Pie Eyed

    Pie Eyed Inactive Thread Starter

    Joined:
    2010/12/16
    Messages:
    6
    Likes Received:
    0
    ComboFix ran OK, but complained of NOD and Ad-Aware running, even though I had killed both from Task Manager.

    It does seem to have corrected both Wininit and explorer.exe, which will (hopefully) get rid of the problems.

    Obviously, I'll leave that to your better judgement, based on the output log:
    ------------------------------------------------------------------------
    ComboFix 10-12-16.02 - Craig 17/12/2010 7:16.1.4 - x64 NETWORK
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6143.3288 [GMT 0:00]
    Running from: c:\users\Craig\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\hpe68AA.dll
    c:\users\Craig\fah6.exe
    c:\users\Craig\FahCore_a3.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
    .

    2010-12-17 07:19 . 2010-12-17 07:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-16 05:19 . 2010-12-16 05:19 -------- d-----w- C:\Boot
    2010-12-15 22:15 . 2010-12-15 22:15 -------- d-----w- c:\programdata\ATI
    2010-12-15 19:26 . 2010-12-15 20:24 -------- d-----w- C:\$UPGRADE.~OS
    2010-12-14 20:39 . 2010-12-14 20:39 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
    2010-12-14 20:39 . 2010-12-14 20:39 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-14 20:39 . 2010-11-29 17:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-14 20:39 . 2010-12-16 05:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-12-14 20:39 . 2010-11-29 17:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 22:11 . 2010-12-03 09:05 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-12-13 22:11 . 2010-12-13 22:11 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-13 22:10 . 2010-12-13 22:10 -------- d-----w- c:\users\Craig\AppData\Local\Sunbelt Software
    2010-12-13 21:13 . 2010-12-16 05:16 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-12 12:21 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-12-10 10:23 . 2010-11-10 05:35 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8FF2229-2228-4B50-9DDD-720049530FD2}\mpengine.dll
    2010-12-09 18:41 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2010-12-09 18:41 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2010-11-30 15:28 . 2010-11-30 15:28 -------- d-----w- c:\program files (x86)\Iceberg Interactive
    2010-11-30 15:19 . 2001-09-05 04:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2010-11-30 15:19 . 2001-09-05 04:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2010-11-30 15:19 . 2001-09-05 04:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2010-11-30 15:19 . 2002-07-25 10:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-30 15:19 . 2001-09-05 04:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2010-11-30 15:19 . 2009-03-09 15:08 8192 ----a-w- c:\windows\system32\drivers\ASACPI.sys
    2010-11-30 09:31 . 2010-12-16 05:16 -------- d-----w- c:\programdata\PokerAcademyPro2
    2010-11-30 09:30 . 2010-12-16 05:17 -------- d-----w- c:\users\Craig\AppData\Roaming\PokerAcademyPro2
    2010-11-30 09:27 . 2010-12-16 05:16 -------- d-----w- c:\program files (x86)\PokerAcademyPro2
    2010-11-28 16:24 . 2010-11-28 16:26 -------- d-----w- C:\My Web Sites
    2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
    2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
    2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
    2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
    2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
    2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-11-17 12:04 . 2010-11-17 12:04 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-26 02:57 . 2010-08-26 02:00 648704 ----a-w- c:\windows\system32\aticfx64.dll
    2010-11-26 02:40 . 2009-07-13 21:59 4794368 ----a-w- c:\windows\system32\atidxx64.dll
    2010-11-26 02:24 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
    2010-11-26 02:16 . 2010-08-26 01:20 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2010-10-19 10:41 . 2009-10-22 23:35 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-12-09 18:40 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]
    "Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-10-15 2969496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-02-18 198160]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 FlexService;Remote Connections Service;c:\program files (x86)\RapidBIT\cisvc.exe [2009-05-17 41984]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-05-27 13352]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
    S1 RapportKE64;RapportKE64;c:\program files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-03 63472]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-03 56816]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
    S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
    S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-06-03 403064]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-06-03 193656]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 121152]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-12-03 17440]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
    S3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-03 526320]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-05-27 34032]

    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2692520]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "Skytel "= "c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
    "Launch LgDeviceAgent "= "c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
    "Launch LCDMon "= "c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
    "Launch LGDCore "= "c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.rlfans.com/viewforum.php?f=28
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: IE View Lite: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} - %profile%\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir "= "c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\ "
    "DataDir "= "ESET\\ESET NOD32 Antivirus\\ "
    "EditionName "=" "
    "InstallDir "= "c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ "
    "LanguageId "=dword:00000409
    "PackageTag "=dword:6090e758
    "ProductBase "=dword:00000000
    "ProductCode "= "{66F644DA-4ED8-4D03-83D2-A7156AA562BC} "
    "ProductName "= "ESET NOD32 Antivirus "
    "ProductType "= "eav "
    "ProductVersion "= "4.0.437.0 "
    "UniqueId "= "008F935B4AE21A1E "
    "ScannerBuild "=dword:0000133a
    "ScannerVersionId "=dword:00000ff3
    "ScannerVersion "= "Open window for status. "
    "FixId "=dword:00000007

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files (x86)\GSkype\GSkype.exe
    c:\program files (x86)\Skype\Phone\Skype.exe
    c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-17 07:33:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-17 07:33

    Pre-Run: 408,987,045,888 bytes free
    Post-Run: 420,914,491,392 bytes free

    - - End Of File - - EEEBE854EB6DE444D98D561B72D62DEB
    ------------------------------------------------------------------
     
  7. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like Combofix did a good job :)

    Did NOD stop complaining about Bamital?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\program files (x86)\AskBarDis

    Driver::
    ASKService
    ASKUpgrade

    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
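    How broni's CFScript relates to the ComboFix log above: the added Python example below (not broni's script and not ComboFix's own code) parses the service and Run-key lines in the "Reg Loading Points" format as they appear in this thread and emits Folder::, Driver:: and Registry:: directives for everything whose binary sits under a folder the analyst has already judged unwanted (here AskBarDis). The sample lines are copied from the posted log except the AskSplash Run entry, which is constructed; the Registry:: section only covers Run values, so BHO and toolbar CLSIDs like those in broni's script still have to be added by hand.

```python
"""Derive Folder::/Driver::/Registry:: sections of a ComboFix CFScript from
ComboFix 'Reg Loading Points' lines, given a folder the analyst has decided
is unwanted (here the Ask Toolbar's AskBarDis directory).

Added example for this thread, not broni's or ComboFix's own code. Assumes
the line formats exactly as they appear in the log posted in this thread
(including the stray space the forum inserted before the closing quote of
value names) and the CFScript directive syntax used in broni's script.
Only script *text* is produced; nothing is written to disk or executed.
"""
import re

# Service/driver line: "<Rx|Sx> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$')
# Run-key value line: "<name> "= "<path>" [<date> <size>]  (spacing as extracted)
RUN_RE = re.compile(r'^"([^"]+?)\s*"\s*=\s*"([^"]+)"\s+\[[^\]]*\]\s*$')
# Registry key header that scopes the value lines following it
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')

# Sample input: lines copied from the ComboFix log above, plus one
# constructed Run entry ("AskSplash") to exercise the Registry:: branch.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray "= "c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"AskSplash "= "c:\program files (x86)\AskBarDis\bar\bin\AskSplash.exe" [2008-12-09 1000]
S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
'''
ASKBAR_FOLDER = r'c:\program files (x86)\AskBarDis'


def parse_loading_points(log_text):
    """Return (services, run_entries): services as (name, path) tuples,
    run_entries as (registry key, value name, path) tuples."""
    services, run_entries, current_key = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(2).strip(), m.group(4).strip()))
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            run_entries.append((current_key, m.group(1), m.group(2).strip()))
    return services, run_entries


def under_folder(path, folder):
    """True if path lies inside folder; Windows paths compare case-insensitively
    and the trailing separator stops 'AskBarDis' matching 'AskBarDisX'."""
    p = path.lower().replace('/', '\\')
    f = folder.lower().rstrip('\\') + '\\'
    return p.startswith(f)


def build_cfscript(log_text, folder):
    """Emit CFScript text that removes the folder, every service whose binary
    lives inside it, and every Run value that points into it."""
    services, run_entries = parse_loading_points(log_text)
    drivers = [name for name, path in services if under_folder(path, folder)]
    runs = [(key, name) for key, name, path in run_entries
            if under_folder(path, folder)]
    out = ['Folder::', folder, '']
    if drivers:
        out += ['Driver::'] + drivers + ['']
    if runs:
        out.append('Registry::')
        for key, name in runs:
            out += ['[%s]' % key, '"%s"=-' % name]   # "=-" deletes the value
        out.append('')
    return '\n'.join(out)


if __name__ == '__main__':
    print(build_cfscript(SAMPLE_LOG, ASKBAR_FOLDER))
```

    Run it against the full "Reg Loading Points" block of a log to see which Folder::/Driver:: lines a given vendor directory accounts for before pasting anything into CFScript.txt.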
     
  8. 2010/12/17
    Pie Eyed

    Pie Eyed Inactive Thread Starter

    Joined:
    2010/12/16
    Messages:
    6
    Likes Received:
    0
    Thanks a lot Broni.

    NOD has indeed stopped complaining, and even better, Windows has been running for about 8 hours without the taskbar crashing.

    Here's the log:

    ComboFix 10-12-16.05 - Craig 17/12/2010 17:55:51.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6143.3844 [GMT 0:00]
    Running from: c:\users\Craig\Desktop\ComboFix.exe
    Command switches used :: c:\users\Craig\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\AskBarDis
    c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    c:\program files (x86)\AskBarDis\bar\bin\askPopStp.dll
    c:\program files (x86)\AskBarDis\bar\bin\AskService.exe
    c:\program files (x86)\AskBarDis\bar\bin\AskSplash.exe
    c:\program files (x86)\AskBarDis\bar\bin\AskTBApp.exe
    c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    c:\program files (x86)\AskBarDis\bar\bin\psvince.dll
    c:\program files (x86)\AskBarDis\bar\Settings\AskLogo.ico
    c:\program files (x86)\AskBarDis\bar\Settings\config.dat
    c:\program files (x86)\AskBarDis\bar\Settings\config.dat.bak
    c:\program files (x86)\AskBarDis\bar\Settings\prevCfg2.htm
    c:\program files (x86)\AskBarDis\unins000.dat
    c:\program files (x86)\AskBarDis\unins000.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ASKService
    -------\Service_ASKUpgrade


    ((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
    .

    2010-12-17 18:09 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{902B10A6-133E-4342-8ADB-8AE380A9A4A0}\mpengine.dll
    2010-12-17 18:01 . 2010-12-17 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-16 05:19 . 2010-12-16 05:19 -------- d-----w- C:\Boot
    2010-12-15 22:15 . 2010-12-15 22:15 -------- d-----w- c:\programdata\ATI
    2010-12-15 19:26 . 2010-12-15 20:24 -------- d-----w- C:\$UPGRADE.~OS
    2010-12-14 20:39 . 2010-12-14 20:39 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
    2010-12-14 20:39 . 2010-12-14 20:39 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-14 20:39 . 2010-11-29 17:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-14 20:39 . 2010-12-16 05:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-12-14 20:39 . 2010-11-29 17:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 22:11 . 2010-12-03 09:05 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-12-13 22:11 . 2010-12-13 22:11 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-13 22:10 . 2010-12-13 22:10 -------- d-----w- c:\users\Craig\AppData\Local\Sunbelt Software
    2010-12-13 21:13 . 2010-12-16 05:16 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-12 12:21 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-12-09 18:41 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2010-12-09 18:41 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2010-11-30 15:28 . 2010-11-30 15:28 -------- d-----w- c:\program files (x86)\Iceberg Interactive
    2010-11-30 15:19 . 2001-09-05 04:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2010-11-30 15:19 . 2001-09-05 04:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2010-11-30 15:19 . 2001-09-05 04:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2010-11-30 15:19 . 2002-07-25 10:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-30 15:19 . 2001-09-05 04:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2010-11-30 15:19 . 2009-03-09 15:08 8192 ----a-w- c:\windows\system32\drivers\ASACPI.sys
    2010-11-30 09:31 . 2010-12-16 05:16 -------- d-----w- c:\programdata\PokerAcademyPro2
    2010-11-30 09:30 . 2010-12-16 05:17 -------- d-----w- c:\users\Craig\AppData\Roaming\PokerAcademyPro2
    2010-11-30 09:27 . 2010-12-16 05:16 -------- d-----w- c:\program files (x86)\PokerAcademyPro2
    2010-11-28 16:24 . 2010-11-28 16:26 -------- d-----w- C:\My Web Sites
    2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
    2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
    2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
    2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
    2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
    2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-26 02:57 . 2010-08-26 02:00 648704 ----a-w- c:\windows\system32\aticfx64.dll
    2010-11-26 02:40 . 2009-07-13 21:59 4794368 ----a-w- c:\windows\system32\atidxx64.dll
    2010-11-26 02:24 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
    2010-11-26 02:16 . 2010-08-26 01:20 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2010-11-17 12:04 . 2010-11-17 12:04 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
    2010-10-19 10:41 . 2009-10-22 23:35 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-17_07.30.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2010-12-17 07:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-17 18:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-17 18:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-17 07:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-17 07:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2010-12-17 18:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-22 23:12 . 2010-12-17 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-22 23:12 . 2010-12-17 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-22 23:12 . 2010-12-17 18:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-22 23:12 . 2010-12-17 07:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2010-12-17 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-17 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-22 23:20 . 2010-12-17 07:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-22 23:20 . 2010-12-17 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-22 23:20 . 2010-12-17 07:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-22 23:20 . 2010-12-17 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:12 . 2010-12-17 07:49 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2010-12-15 22:02 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OscarEditor "= "c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]
    "Sony Ericsson PC Suite "= "c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Pando Media Booster "= "c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-10-15 2969496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray "= "c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "SunJavaUpdateSched "= "c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
    "VirtualCloneDrive "= "c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe "= "c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-02-18 198160]
    "vmware-tray "= "c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]
    "WinampAgent "= "c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
    "ATICustomerCare "= "c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 FlexService;Remote Connections Service;c:\program files (x86)\RapidBIT\cisvc.exe [2009-05-17 41984]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-05-27 13352]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-12-03 17440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
    S1 RapportKE64;RapportKE64;c:\program files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-03 63472]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-03 56816]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-06-03 403064]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-06-03 193656]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 121152]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
    S3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-03 526320]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-05-27 34032]

    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix "= "c:\combofix\CF7090.cfxxe" [X]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2692520]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "Skytel "= "c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
    "Launch LgDeviceAgent "= "c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
    "Launch LCDMon "= "c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
    "Launch LGDCore "= "c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.rlfans.com/viewforum.php?f=28
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: IE View Lite: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} - %profile%\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    AddRemove-Ask Toolbar_is1 - c:\program files (x86)\AskBarDis\unins000.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
    "DataDir"="ESET\\ESET NOD32 Antivirus\\"
    "EditionName"=""
    "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:6090e758
    "ProductBase"=dword:00000000
    "ProductCode"="{66F644DA-4ED8-4D03-83D2-A7156AA562BC}"
    "ProductName"="ESET NOD32 Antivirus"
    "ProductType"="eav"
    "ProductVersion"="4.0.437.0"
    "UniqueId"="008F935B4AE21A1E"
    "ScannerBuild"=dword:0000133a
    "ScannerVersionId"=dword:00000ff3
    "ScannerVersion"="Open window for status."
    "FixId"=dword:00000007

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-17 18:14:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-17 18:14
    ComboFix2.txt 2010-12-17 07:33

    Pre-Run: 420,521,451,520 bytes free
    Post-Run: 420,085,620,736 bytes free

    - - End Of File - - 456F06D650BE80ABB96AAED7AE5772B1
     
  9. 2010/12/17
    broni (Moderator, Malware Analyst)
    Good news :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2010/12/17
    Pie Eyed (Thread Starter)
    OTL.TXT


    OTL logfile created on: 12/17/2010 9:12:27 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Craig\Desktop\Bamital Removal
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.26 Gb Total Space | 391.16 Gb Free Space | 27.99% Space Free | Partition Type: NTFS
    Drive D: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 233.75 Gb Total Space | 66.48 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

    Computer Name: CRAEL-BECK | User Name: Craig | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/17 19:02:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\Bamital Removal\OTL.exe
    PRC - [2010/12/11 12:15:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/11 12:15:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/15 20:26:34 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/02/18 23:04:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/01/12 20:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2009/11/20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    PRC - [2009/11/20 08:12:39 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
    PRC - [2009/10/22 04:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2009/10/22 03:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2009/10/22 03:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2009/10/22 03:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2009/06/17 11:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/06/16 06:00:14 | 003,317,248 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
    PRC - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2007/10/15 12:38:18 | 000,172,032 | ---- | M] (Xsysstar) -- C:\Program Files (x86)\GSkype\GSkype.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/17 19:02:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\Bamital Removal\OTL.exe
    MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/16 03:10:58 | 000,193,536 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Win32Share.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
    SRV:64bit: - [2010/11/26 02:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/05/14 14:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/03 22:43:48 | 000,526,320 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
    SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/06/03 17:33:16 | 000,403,064 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
    SRV - [2010/06/03 17:33:16 | 000,193,656 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/22 04:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/10/22 03:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/10/22 03:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/10/22 02:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files (x86)\RapidBIT\cisvc.exe -- (FlexService)
    SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/03 09:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2010/11/26 04:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/11/26 04:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/11/26 02:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/05/27 20:14:15 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
    DRV:64bit: - [2010/05/27 20:13:50 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
    DRV:64bit: - [2010/05/27 20:13:50 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
    DRV:64bit: - [2009/12/17 22:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/10/22 04:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2009/10/22 04:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2009/10/22 04:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2009/10/22 04:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2009/10/22 02:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2009/10/21 23:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2009/10/21 23:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2009/09/30 14:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/14 14:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009/05/14 14:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009/05/14 14:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/03/09 15:08:14 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2007/02/16 00:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2010/12/03 09:05:35 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/10/03 22:43:50 | 000,056,816 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
    DRV - [2010/10/03 22:43:48 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
    DRV - [2009/10/12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2007/02/16 00:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 CC DB 16 69 74 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://forums.rlfans.com/viewforum.php?f=28"
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
    FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/16 05:15:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/16 05:15:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/16 05:15:21 | 000,000,000 | ---D | M]

    [2009/10/23 17:27:13 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
    [2010/12/17 21:03:58 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions
    [2010/12/16 05:17:30 | 000,000,000 | ---D | M] (thechatterbox.cc Toolbar) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}
    [2010/12/16 05:17:30 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2010/12/16 05:17:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    [2010/12/16 05:17:30 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\extensions\vshare@toolbar
    [2010/12/14 00:40:41 | 000,002,205 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\searchplugins\usniff.xml
    [2010/09/04 23:36:19 | 000,001,196 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\nuvrlg4b.default\searchplugins\winamp-search.xml
    [2010/12/17 07:46:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/12/16 05:15:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/01/12 20:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    [2010/04/15 20:58:23 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/15 20:58:23 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/15 20:58:23 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/15 20:58:23 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/10 16:52:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/07/20 21:58:11 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/17 21:01:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\Bamital Removal
    [2010/12/17 18:14:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/17 18:10:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/12/17 17:53:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/17 07:15:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/17 07:15:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/17 07:15:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/17 07:15:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/17 07:12:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/16 05:19:40 | 000,000,000 | ---D | C] -- C:\Boot
    [2010/12/15 23:47:20 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\Windows Taskbar Error
    [2010/12/15 22:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/12/15 19:26:46 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
    [2010/12/14 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Malwarebytes
    [2010/12/14 20:39:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/14 20:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/14 20:39:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/14 20:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/12/13 22:11:45 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2010/12/13 22:11:42 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/12/13 22:10:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\Sunbelt Software
    [2010/12/13 21:13:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/12/10 00:31:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\Copperman Consulting
    [2010/11/30 15:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iceberg Interactive
    [2010/11/30 09:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PokerAcademyPro2
    [2010/11/30 09:30:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\PokerAcademyPro2
    [2010/11/30 09:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerAcademyPro2
    [2010/11/28 16:24:55 | 000,000,000 | ---D | C] -- C:\My Web Sites
    [2010/11/26 02:54:48 | 000,478,720 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/11/26 02:54:12 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/11/26 02:53:00 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/11/26 02:52:20 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/17 19:13:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 19:13:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/17 19:10:38 | 000,800,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/17 19:10:38 | 000,678,834 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/17 19:10:38 | 000,131,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/17 19:06:16 | 000,290,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/17 19:06:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/17 19:06:06 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/16 04:15:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/15 22:15:30 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
    [2010/12/15 19:28:19 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
    [2010/12/15 19:03:54 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/12/15 19:03:54 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/12/14 20:39:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/13 22:11:42 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/12/13 21:13:28 | 000,001,166 | ---- | M] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/13 21:13:28 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010/12/08 06:04:01 | 000,007,168 | ---- | M] () -- C:\Users\Craig\queue.dat
    [2010/12/08 06:03:50 | 000,000,256 | ---- | M] () -- C:\Users\Craig\client.cfg
    [2010/12/03 09:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2010/11/30 15:29:20 | 000,002,274 | ---- | M] () -- C:\Users\Craig\Desktop\Poker Simulator.lnk
    [2010/11/30 09:27:46 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Poker Academy Pro 2.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/26 02:58:26 | 000,121,776 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/11/26 02:54:48 | 000,478,720 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/11/26 02:54:12 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/11/26 02:53:00 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/11/26 02:52:20 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/11/26 02:27:22 | 000,667,648 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/11/26 02:24:38 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2010/11/26 02:22:04 | 000,667,648 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/11/23 02:06:30 | 000,022,305 | ---- | M] () -- C:\Windows\atiogl.xml
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/17 07:15:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/17 07:15:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/17 07:15:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/17 07:15:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/17 07:15:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/16 04:15:03 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
    [2010/12/15 22:15:30 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
    [2010/12/15 21:20:29 | 536,223,743 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/15 19:28:19 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
    [2010/12/15 19:03:21 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/12/15 19:03:21 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/12/14 20:39:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/13 21:13:28 | 000,001,166 | ---- | C] () -- C:\Users\Craig\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/13 21:13:28 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010/12/04 22:06:10 | 000,000,000 | ---- | C] () -- C:\Users\Craig\FAHlog2.txt
    [2010/11/30 15:29:20 | 000,002,274 | ---- | C] () -- C:\Users\Craig\Desktop\Poker Simulator.lnk
    [2010/11/30 15:19:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
    [2010/11/30 09:27:46 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Poker Academy Pro 2.lnk
    [2010/11/26 02:58:26 | 000,121,776 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/11/26 02:27:22 | 000,667,648 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/11/26 02:22:04 | 000,667,648 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/11/23 02:06:30 | 000,022,305 | ---- | C] () -- C:\Windows\atiogl.xml
    [2010/08/25 14:58:59 | 000,000,017 | ---- | C] () -- C:\Users\Craig\AppData\Local\resmon.resmoncfg
    [2010/07/09 17:29:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/02/06 14:54:36 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/11/29 14:42:12 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll
    [2009/11/29 14:42:10 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2009/11/15 01:32:20 | 000,000,190 | ---- | C] () -- C:\Users\Craig\AppData\Roaming\default.rss
    [2009/10/25 23:46:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/10/23 06:57:57 | 000,000,093 | ---- | C] () -- C:\Users\Craig\AppData\Local\fusioncache.dat
    [2009/10/23 06:54:42 | 000,785,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/12/16 05:17:24 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Azureus
    [2009/12/30 00:18:01 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/09/06 18:55:47 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/16 05:17:27 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Folding@home-gpu
    [2010/12/16 05:17:27 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\GetRightToGo
    [2010/04/10 15:46:11 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\ImgBurn
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Notepad++
    [2010/12/16 05:17:31 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\PokerAcademyPro2
    [2010/02/06 14:49:12 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\SlySoft
    [2010/05/27 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Sony
    [2010/12/16 05:17:33 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\SystemRequirementsLab
    [2010/05/09 02:09:35 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Trusteer
    [2010/12/16 05:17:34 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Turbine
    [2010/12/16 05:17:34 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\uTorrent
    [2009/07/14 05:08:49 | 000,019,716 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/15 19:28:19 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
    [2010/07/10 19:40:04 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/12/17 19:06:05 | 000,013,749 | ---- | M] () -- C:\aaw7boot.log
    [2010/07/10 16:52:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/27 19:38:04 | 000,000,212 | ---- | M] () -- C:\BcBtRmv.log
    [2010/07/10 16:47:20 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
    [2010/07/10 16:47:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/12/16 04:15:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/17 18:14:23 | 000,025,157 | ---- | M] () -- C:\ComboFix.txt
    [2010/07/10 16:52:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/17 19:06:06 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/10 16:52:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/07/10 16:52:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/17 19:06:07 | 2146,623,487 | -HS- | M] () -- C:\pagefile.sys
    [2009/06/17 15:51:23 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
    [2009/06/17 16:04:45 | 000,000,057 | ---- | M] () -- C:\splash.idx
    [2008/11/19 14:13:04 | 000,005,552 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/07/14 05:01:14 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/23 06:27:50 | 000,000,221 | -HS- | M] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 06:31:46 | 000,000,402 | -HS- | M] () -- C:\Users\Craig\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/14 22:34:19 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/17 21:05:56 | 000,049,152 | -HS- | M] () -- C:\Users\Craig\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. 2010/12/17
    Pie Eyed

    OTL Extras logfile created on: 12/17/2010 9:12:27 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Craig\Desktop\Bamital Removal
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.26 Gb Total Space | 391.16 Gb Free Space | 27.99% Space Free | Partition Type: NTFS
    Drive D: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 233.75 Gb Total Space | 66.48 Gb Free Space | 28.44% Space Free | Partition Type: NTFS

    Computer Name: CRAEL-BECK | User Name: Craig | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64
    "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
    "{54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}" = ATI Catalyst Install Manager
    "{66F644DA-4ED8-4D03-83D2-A7156AA562BC}" = ESET NOD32 Antivirus
    "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}" = WMV9/VC-1 Video Playback
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
    "{2337a56a-9a45-4556-98d2-5e6d21e6a0eb}" = Nero 9
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu
    "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{BEA6BE31-4A1F-7FA2-B861-CBC0AC535731}" = Catalyst Control Center InstallProxy
    "{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.02.03.8041
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Ask Toolbar_is1" = Vuze Toolbar
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "CloneCD" = CloneCD
    "CloneDVD2" = CloneDVD2
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EasyBCD" = EasyBCD 1.7.2
    "Farm Frenzy 3" = Farm Frenzy 3
    "Guild Wars" = Guild Wars
    "ImgBurn" = ImgBurn
    "InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Notepad++" = Notepad++
    "Orb" = Orb
    "Poker Simulator 1.3" = Poker Simulator 1.3
    "PokerAcademyPro2" = Poker Academy Pro 2
    "Rapport_msi" = Rapport
    "RealPlayer 12.0" = RealPlayer
    "SEMC OMSI Module" = SEMC OMSI Module
    "SopCast" = SopCast 3.2.4
    "SSC Service Utility_is1" = SSC Service Utility v4.30
    "ST6UNST #1" = GSkype 1.5
    "STANDARD" = Microsoft Office Standard 2007
    "SystemRequirementsLab" = System Requirements Lab
    "Update Service" = Update Service
    "Veetle TV" = Veetle TV 0.9.18
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.4
    "VMware_Workstation" = VMware Workstation
    "Vuze" = Vuze
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  12. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click the Start scan button.
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
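As an added defender-side check (not code from this thread or from the OTL tool), the PowerShell audit below enumerates the ShellExecuteHooks keys that OTL reports as O28 lines, in both the 64-bit and the Wow6432Node registry view, and flags any hook CLSID that no longer resolves to an InprocServer32 DLL, the kind of dangling entry OTL prints as "Reg Error: Key error. File not found". It assumes an elevated PowerShell session on 64-bit Windows 7 or later; the key paths are the standard locations, and no CLSID from the log is hard-coded.

```powershell
# Added example, not part of the original thread: audit ShellExecuteHooks
# entries and report whether each CLSID still resolves to a signed DLL.
# Assumes an elevated session on 64-bit Windows; paths are standard locations.

$hookKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)

function Resolve-ClsidServer {
    param([string]$Clsid, [switch]$Wow64)
    # A hook is registered only by CLSID; the implementing DLL is recorded
    # under CLSID\{...}\InprocServer32 in the matching registry view.
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
            else        { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $server = Join-Path $base "$Clsid\InprocServer32"
    if (-not (Test-Path $server)) { return $null }      # orphaned CLSID
    $path = (Get-ItemProperty -Path $server).'(default)'
    if (-not $path) { return $null }
    return [Environment]::ExpandEnvironmentVariables($path)
}

foreach ($key in $hookKeys) {
    if (-not (Test-Path $key)) { continue }
    $wow  = $key -like '*Wow6432Node*'
    $view = if ($wow) { '32-bit' } else { '64-bit' }
    $props = Get-ItemProperty -Path $key
    # Hook values are named by CLSID; skip the PS* metadata properties.
    $clsids = $props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' }
    foreach ($clsid in $clsids) {
        $dll = Resolve-ClsidServer -Clsid $clsid -Wow64:$wow
        if (-not $dll) {
            $status = 'ORPHAN: CLSID has no InprocServer32 (review for removal)'
        } elseif (-not (Test-Path $dll)) {
            $status = "MISSING DLL: $dll"
        } else {
            # A valid hook should point at a signed binary; report signer state.
            $sig = Get-AuthenticodeSignature -FilePath $dll
            $status = "OK: $dll [signature: $($sig.Status)]"
        }
        [pscustomobject]@{ View = $view; CLSID = $clsid; Status = $status }
    }
}
```

Run it before and after an OTL fix to confirm the dangling entries are gone and that the surviving hooks point at signed, present DLLs.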
  13. 2010/12/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     