
Cannot shift RLVKLNG.exe MSVCR71.exe

Discussion in 'Virus & Other Malware Removal' started by Jason-m, Apr 14, 2010.

  1. Jason-m

    Jason-m Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    9
    Had a Relevant Knowledge problem recently. Every time I boot up, antimalware bytes asks me if I want to quarantine the following files: c\programfiles\relevantknowledge\MSVCR71.exe and RLVKLNG.exe. I have used superantispyware (now removed) and antimalwarebytes, but the problem still keeps happening. The relevant knowledge folder is not in c program files, so I am guessing this is a registry entry that I need to delete. Can anyone help me with a log and anything else I need to do to remove it?

    Thanks

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 14:44:47, on 14/04/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: lxcj_device - Unknown owner - C:\Windows\system32\lxcjcoms.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10260 bytes
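
An added example, not part of the original thread: a Python parser for the O23 (service) lines of the HijackThis log above. It separates "(file missing)" entries under C:\Windows\system32, which the 32-bit HijackThis reports on 64-bit Windows because its view of that folder is redirected, from entries pointing at a folder that no longer exists, such as the RelevantKnowledge service. The function names and bucket labels are assumptions made for illustration.

```python
import re
from collections import namedtuple

# O23 lines excerpted from the HijackThis log above, plus one O4 line to show
# that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: lxcj_device - Unknown owner - C:\Windows\system32\lxcjcoms.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"""

Service = namedtuple("Service", "name owner path missing")

# Layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter because the path itself can contain
# " - " (see the Spybot entry), so splitting on " - " would cut it short.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: %SystemRoot% is C:\Windows, as the OTL log in this thread reports.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_o23(log_text):
    """Return a Service tuple for every O23 line in a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        match = O23_RE.match(line.strip())
        if match:
            services.append(Service(
                match.group("name"),
                match.group("owner"),
                match.group("path"),
                bool(match.group("missing")),
            ))
    return services


def classify(service):
    """Bucket a service entry (labels are this example's own)."""
    if not service.missing:
        return "present"
    if service.path.lower().startswith(SYSTEM32):
        # A 32-bit process on 64-bit Windows is redirected away from the
        # native system32 folder, so this flag is usually a view artifact.
        return "wow64-view"
    # Registered service whose binary is gone: a leftover registry entry.
    return "orphan-candidate"


def orphan_candidates(log_text):
    """Services whose image path is reported missing outside system32."""
    return [s for s in parse_o23(log_text) if classify(s) == "orphan-candidate"]


if __name__ == "__main__":
    for svc in parse_o23(SAMPLE_LOG):
        print(f"{classify(svc):17} {svc.name} -> {svc.path}")
```

Anything it returns is a candidate only; confirm the service key and its path with a 64-bit-aware tool before removing the entry.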
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
     
  3. Jason-m

    Jason-m Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    9
    Hello.
    Thanks for the reply and your help..

    I d/loaded to the desktop, clicked run and then followed your instructions; it only saved an OTL.txt file though.
    Here it is..

    OTL logfile created on: 16/04/2010 12:37:52 - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jason\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.45 Gb Total Space | 125.85 Gb Free Space | 44.24% Space Free | Partition Type: NTFS
    Drive D: | 13.54 Gb Total Space | 2.36 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOMEPC
    Current User Name: Jason
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
    PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
    PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
    SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
    SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
    SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
    SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
    SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
    SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
    SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
    SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
    SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
    SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
    SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
    SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
    SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
    SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
    SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
    SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
    SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
    SRV:64bit: - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
    SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
    SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
    SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
    SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
    SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/05 18:16:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/11 14:28:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 18:57:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/15 12:39:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2010/01/06 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
    [2009/10/28 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/04/16 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions
    [2010/01/06 19:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\staged-xpis
    [2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\[email protected]
    [2010/04/11 21:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/03/16 12:38:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/16 12:38:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/16 12:38:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/16 12:38:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/10/27 16:07:21 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.binweevils.com
    O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
    NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/16 12:30:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/04/14 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder
    [2010/04/14 14:43:53 | 000,000,000 | ---D | C] -- C:\Hijackthis
    [2010/04/14 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ImgBurn
    [2010/04/14 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/04/13 19:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/04/13 19:05:29 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2010/04/13 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Timesheets
    [2010/04/12 16:04:46 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/04/12 16:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/04/12 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/11 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/11 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/04/11 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\vlc
    [2010/04/11 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/04/11 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/04/16 12:39:20 | 003,407,872 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT
    [2010/04/16 12:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/04/16 12:19:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000UA.job
    [2010/04/16 12:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/16 08:19:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000Core.job
    [2010/04/16 08:13:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/16 08:13:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/16 08:10:31 | 003,755,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/16 08:10:31 | 001,658,618 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/16 08:10:31 | 000,004,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/16 08:05:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/16 08:05:35 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/15 22:01:40 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
    [2010/04/15 22:01:25 | 007,428,378 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
    [2010/04/15 12:43:07 | 000,011,293 | ---- | M] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
    [2010/04/15 12:05:48 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/04/14 14:43:54 | 000,002,955 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
    [2010/04/14 14:42:45 | 001,401,344 | ---- | M] () -- C:\HijackThis.msi
    [2010/04/12 16:04:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/04/12 16:00:30 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/14 14:43:54 | 000,002,955 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
    [2010/04/14 14:42:44 | 001,401,344 | ---- | C] () -- C:\HijackThis.msi
    [2010/04/12 16:00:45 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/04/12 16:00:30 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2010/04/12 10:18:21 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
    [2010/02/09 20:53:17 | 000,000,632 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
    [2010/02/08 18:49:04 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
    [2010/01/30 15:43:20 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2010/01/30 12:17:49 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ab_bl.sig
    [2009/12/27 10:08:31 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
    [2009/12/26 13:47:56 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/23 23:08:07 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
    [2009/12/12 22:11:37 | 000,023,034 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/12/01 17:31:04 | 000,000,140 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
    [2009/11/07 10:06:21 | 000,000,083 | ---- | C] () -- C:\Windows\VSWizard.ini
    [2009/10/26 14:14:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
    [2009/10/26 14:13:28 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
    [2009/10/26 14:13:18 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
    [2009/10/26 12:35:29 | 003,407,872 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT
    [2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2009/10/26 12:35:29 | 000,262,144 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG1
    [2009/10/26 12:35:29 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2009/10/26 12:35:29 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini
    [2009/10/26 12:35:29 | 000,000,000 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG2
    [2009/10/22 20:15:56 | 000,146,098 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2009/10/22 20:01:22 | 004,426,841 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2009/10/17 00:58:06 | 000,176,640 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2009/10/17 00:57:06 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
    [2009/10/17 00:04:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2009/10/17 00:04:08 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2009/10/17 00:03:48 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2009/10/17 00:03:44 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2009/10/17 00:03:40 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2009/10/16 23:10:10 | 000,256,512 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
    [2009/10/16 21:53:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2009/10/16 21:53:20 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/10/16 20:40:42 | 000,849,136 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
    [2009/10/16 20:38:20 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/10/16 20:35:50 | 000,237,056 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2009/10/16 20:08:54 | 000,557,469 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2009/10/16 20:04:28 | 001,391,379 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
    [2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
    [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
    [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

    ========== LOP Check ==========

    [2010/01/23 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/03/21 21:47:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitDefender
    [2009/10/26 13:42:27 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ESET
    [2010/04/02 09:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EurekaLog
    [2010/04/14 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
    [2009/12/12 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NewSoft
    [2010/03/20 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Samsung
    [2010/02/02 13:05:53 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Softland
    [2009/10/30 04:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sports Interactive
    [2009/12/01 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
    [2009/10/26 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
    [2009/10/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TomTom
    [2010/03/02 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity
    [2010/04/13 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
    [2009/11/24 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\WinBatch
    [2010/03/31 11:30:25 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2010/02/22 05:25:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
    [2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWOW64\drivers\utq3ntez.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
    < End of report >

     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Note: make sure TeaTimer is disabled so the fix will take effect.

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
      FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell - "" = AutoRun
      O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
      [2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
      
      :Commands
      [resethosts]
      [emptyflash]
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the OTL log


    NEXT


    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. Jason-m

    Jason-m Thread Starter

    Hi, thanks for your help again. I have followed your instructions; here are the 2 logs.

    OTL Log

    All processes killed
    ========== OTL ==========
    Prefs.js: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3 removed from extensions.enabledItems
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E19037A-12E3-4295-8915-ED48BC341614}\ not found.
    File C:\Program Files (x86)\RelevantKnowledge not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
    File L:\WD SmartWare.exe not found.
    C:\Windows\SysWOW64\drivers\utq3ntez.sys moved successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jason
    ->Flash cache emptied: 162781 bytes

    User: Lewis
    ->Flash cache emptied: 42386 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jason
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 462461557 bytes
    ->Java cache emptied: 47322610 bytes
    ->FireFox cache emptied: 94958603 bytes
    ->Google Chrome cache emptied: 18494118 bytes
    ->Flash cache emptied: 0 bytes

    User: Lewis
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 14308384 bytes
    ->Java cache emptied: 12118620 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 438816 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 271668478 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13126295 bytes
    RecycleBin emptied: 17407161059 bytes

    Total Files Cleaned = 17,492.00 mb


    OTL by OldTimer - Version 3.2.1.1 log created on 04162010_214833

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    MBAM Log

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3998

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    16/04/2010 22:01:43
    mbam-log-2010-04-16 (22-01-43).txt

    Scan type: Quick scan
    Objects scanned: 114793
    Time elapsed: 4 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Infected:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

     
  6. CatByte

    CatByte Malware Specialist

    Please do the following:

    **Vista users - right click on the IE icon and run as administrator

    Go here to run an online scanner from ESET.

    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic and also let me know how things are now.


    NEXT



    Please advise how your computer is running and if there are any outstanding issues
     
  7. Jason-m

    Jason-m Thread Starter

    Hi..

    Here is the log from ESET

    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251
    esets_scanner_update returned -1 esets_gle=53251

    I have rebooted and Antimalware has not asked to quarantine the files.
     
  8. CatByte

    CatByte Malware Specialist

    Hi,

    That ESET scan doesn't appear as if it scanned properly?

    Did it download the definitions and scan your system properly?

    Were there any infections found?

    Please post a fresh OTL log and advise if there are any outstanding issues.
     
  9. Jason-m

    Jason-m Thread Starter

    Hi..

    The ESET scan downloaded definitions, scanned and found 4 threats, but that was all that was in the log?
    I have rebooted and it didn't ask to quarantine the files, but I am puzzled by the 4 threats found in the ESET scan.
    Here is the OTL log

    OTL logfile created on: 17/04/2010 22:02:53 - Run 3
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jason\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.45 Gb Total Space | 142.88 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
    Drive D: | 13.54 Gb Total Space | 2.36 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOMEPC
    Current User Name: Jason
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
    PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
    PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
    SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
    SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
    SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
    SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
    SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
    SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
    SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
    SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
    SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
    SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
    SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
    SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
    SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
    SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
    SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
    SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
    SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
    SRV:64bit: - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
    SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
    SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
    SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
    SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
    SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
    DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
    DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
    DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
    DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
    DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
    DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
    DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
    DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
    DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
    DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
    DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
    DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
    DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
    DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
    DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
    DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
    DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
    DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
    DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
    DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
    DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
    DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
    DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
    DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
    DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
    DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
    DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
    DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (SRS_ViewSonic) -- C:\Windows\SysNative\drivers\SRS_ViewSonic_amd64.sys ()
    DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
    DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/05 18:16:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/11 14:28:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 18:57:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/15 12:39:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2010/01/06 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
    [2009/10/28 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/04/17 09:05:10 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions
    [2010/01/06 19:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\staged-xpis
    [2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\[email protected]
    [2010/04/11 21:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/03/16 12:38:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/16 12:38:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/16 12:38:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/16 12:38:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/04/16 21:48:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/17 00:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/04/16 21:49:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder (2)
    [2010/04/16 21:48:33 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/16 12:30:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/04/14 14:43:53 | 000,000,000 | ---D | C] -- C:\Hijackthis
    [2010/04/14 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ImgBurn
    [2010/04/14 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/04/13 19:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/04/13 18:23:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2010/04/13 18:23:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
    [2010/04/13 18:22:56 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2010/04/13 18:22:56 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
    [2010/04/13 18:22:43 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/04/13 18:22:43 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2010/04/13 18:22:42 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2010/04/13 18:22:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
    [2010/04/13 18:22:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
    [2010/04/13 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Timesheets
    [2010/04/12 16:04:46 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/04/12 16:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/04/12 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/11 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/11 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/04/11 21:52:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/04/11 21:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/04/11 21:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/04/11 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\vlc
    [2010/04/11 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/04/11 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
    [2010/04/02 09:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
    [2010/04/02 09:36:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EurekaLog
    [2010/04/02 09:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
    [2010/03/31 07:14:54 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
    [2010/03/31 07:14:53 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
    [2010/03/31 07:14:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
    [2010/03/31 07:14:53 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
    [2010/03/31 07:14:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
    [2010/03/31 07:14:52 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/03/31 07:14:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/03/31 07:14:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
    [2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ATI
    [2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\ATI
    [2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/03/29 20:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
    [2010/03/29 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010/03/29 20:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/03/29 20:03:04 | 000,000,000 | ---D | C] -- C:\ATI
    [2010/03/22 05:37:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
    [2010/03/22 05:37:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/22 05:37:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/22 05:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/03/22 05:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/03/21 22:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
    [2010/03/21 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\BitDefender
    [2010/03/21 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
    [2010/03/20 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\NPS
    [2010/03/20 14:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
    [2010/03/20 14:14:45 | 000,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
    [2010/03/20 14:14:45 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
    [2010/03/20 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My NPS Files
    [2010/03/20 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Samsung
    [2010/03/20 14:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
    [2010/03/20 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
    [2010/03/20 14:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2010/03/20 14:10:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Downloaded Installations

    ========== Files - Modified Within 30 Days ==========

    [2010/04/17 22:04:50 | 003,407,872 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT
    [2010/04/17 21:44:40 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000UA.job
    [2010/04/17 21:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/17 08:19:03 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000Core.job
    [2010/04/16 22:10:26 | 000,011,274 | ---- | M] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
    [2010/04/16 22:10:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/16 22:10:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/16 22:07:20 | 003,789,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/16 22:07:20 | 001,675,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/16 22:07:20 | 000,004,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/16 22:03:50 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/04/16 22:02:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/16 22:02:36 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/16 22:02:02 | 007,395,248 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
    [2010/04/16 21:53:18 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
    [2010/04/16 21:48:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/04/16 12:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/04/14 14:43:54 | 000,002,955 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
    [2010/04/14 14:42:45 | 001,401,344 | ---- | M] () -- C:\HijackThis.msi
    [2010/04/12 16:04:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/04/01 14:35:22 | 000,347,336 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
    [2010/03/31 11:30:25 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/03/30 13:08:14 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/21 22:35:45 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
    [2010/03/21 22:03:42 | 000,102,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdhv.sys
    [2010/03/21 22:03:41 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfm.sys
    [2010/03/21 21:50:35 | 000,000,850 | ---- | M] () -- C:\Windows\SysNative\ProductTweaks.xml
    [2010/03/21 21:50:35 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

    ========== Files Created - No Company Name ==========

    [2010/04/14 14:43:54 | 000,002,955 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
    [2010/04/14 14:42:44 | 001,401,344 | ---- | C] () -- C:\HijackThis.msi
    [2010/04/12 16:00:45 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/04/02 09:40:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
    [2010/03/31 16:22:55 | 000,011,274 | ---- | C] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
    [2010/03/21 21:50:35 | 000,000,850 | ---- | C] () -- C:\Windows\SysNative\ProductTweaks.xml
    [2010/03/21 21:50:35 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
    [2010/02/09 20:53:17 | 000,000,632 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
    [2010/02/08 18:49:04 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
    [2010/01/30 15:43:20 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2010/01/30 12:17:49 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ab_bl.sig
    [2009/12/27 10:08:31 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
    [2009/12/26 13:47:56 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/23 23:08:07 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
    [2009/12/12 22:11:37 | 000,023,034 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/12/01 17:31:04 | 000,000,140 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
    [2009/11/07 10:06:21 | 000,000,083 | ---- | C] () -- C:\Windows\VSWizard.ini
    [2009/10/26 14:14:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
    [2009/10/26 14:13:28 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
    [2009/10/26 14:13:18 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
    [2009/10/26 12:35:29 | 003,407,872 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT
    [2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2009/10/26 12:35:29 | 000,262,144 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG1
    [2009/10/26 12:35:29 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2009/10/26 12:35:29 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini
    [2009/10/26 12:35:29 | 000,000,000 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG2
    [2009/10/22 20:15:56 | 000,146,098 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2009/10/22 20:01:22 | 004,426,841 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2009/10/17 00:58:06 | 000,176,640 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2009/10/17 00:57:06 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
    [2009/10/17 00:04:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2009/10/17 00:04:08 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2009/10/17 00:03:48 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2009/10/17 00:03:44 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2009/10/17 00:03:40 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2009/10/16 23:10:10 | 000,256,512 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
    [2009/10/16 21:53:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2009/10/16 21:53:20 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/10/16 20:40:42 | 000,849,136 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
    [2009/10/16 20:38:20 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/10/16 20:35:50 | 000,237,056 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2009/10/16 20:08:54 | 000,557,469 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2009/10/16 20:04:28 | 001,391,379 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
    [2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
    [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
    [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
    < End of report >
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    The ESET scan should allow you to save a log which would list those files found, can you please try it again and save a log of the scan.

    Please do the following:


    Press the windows key + R to open a run box, copy paste the following into the open run box >OK

    Go Start > Run and copy/paste the following single-line command into the Run box and click OK:


    NEXT


    Visit ADOBE and download the latest version of Acrobat Reader (version 9.3)
    Having the latest updates ensures there are no security vulnerabilities in your system.


    NEXT



    Go to windows key + R to open a run box > copy/paste the following text into the open run box > javacpl.cpl
    > Press Enter > Select the Update tab > Click Update now


    How is the computer running? Are there any outstanding issues?
     
  11. Jason-m

    Jason-m Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    9
    Did the first steps but when I paste javacpl.cpl
    I get windows cannot find javacpl.cpl
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do it this way then

    Java™ 6 Update 19 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
    An update should begin; > follow the prompts.


    Now is the computer running? Are there any outstanding issues?
     
  13. Jason-m

    Jason-m Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    9
    Have updated Java, rebooted and it has not asked to quarantine the items, fingers crossed it's gone....thanks for all the time and help you have given..
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    The items found by ESET haven't been addressed yet.

    Were you able to note down what they were?

    If not please rescan, see if you can save the log this time, if not, please note what the infections were so I can see if they need to be deleted or are False Positives.

    How is the computer running?
     
  15. Jason-m

    Jason-m Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    9
    Hello have rescanned with ESET and it found 4 threats again but they are not the relevant knowledge problem they have been on my pc for years

    :\Tools\DBOX2\FlashFXP.v3.4.Build.1140.Final.WinALL.Regged-VDOWN\vd-fxp34.zip a variant of Win32/HackTool.Patcher.A application
    C:\Tools\Movie Tools\Nero 9 with serial\nero9.iso Win32/Toolbar.AskSBar application
    C:\Tools\System Tools\Old Tools\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe Win32/HackAV.AJ application
    C:\Tools\System Tools\Old Tools\RegistryFix v3.0 + Key\registryfix.exe a variant of Win32/Adware.ErrorClean application

    PC has been rebooted a few times now and not once has it asked for the relevant files to be quarantined, everything seems to be running fine apart from every time I click a link in explorer now the screen flashes black
     
Short URL to this thread: https://techguy.org/916829
