Blue Screen of Death


  • This topic is locked
17 replies to this topic

#1 Tauni

  • Members
  • 16 posts
  • Gender:Female
  • Location:Massachusetts

Posted 13 April 2011 - 06:24 PM

I recently started experiencing the Blue Screen of Death, and when I click on links in Google and Yahoo search they are all redirected. I also get pop-up tabs for random ads and virus scans... AND log showing SEVERAL missing system files which I believe may be just a false read due to a virus... I have tried and uninstalled NUMEROUS anti-spyware/adware programs with no result... Still having issues.... I have a HijackThis log from a scan I just did... Please let me know what might be wrong please.

Logfile of HijackThis v1.99.1
Scan saved at 7:20:24 PM, on 4/13/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - (no file)
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files (x86)\ChameleonTom\wit4ie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RuneScape - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Flash Movie Extractor Scout LITE - {52E09520-459A-4C34-96C2-F07B35FCD921} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Flash Movie Extractor Scout LITE - {7FC02908-5227-4812-948F-D089FE5F25EB} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://www.fubar.com
O15 - Trusted Zone: http://www.perfectworld.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate1ca89da10e54308) (gupdate1ca89da10e54308) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Thanks for taking time to look this over for me.


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 23 April 2011 - 06:36 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Tauni


Posted 23 April 2011 - 05:43 PM

I ran both scans as requested. I ran OTL 3 times but only got 1 log. I ran GMER, which only had a few option boxes available for checking; all others were disabled. After scanning it came up blank. I am also running 64-bit Windows but I tried anyway... I also ran a DDS scan but did not post the log. If you want the DDS log let me know.

Here is the only log I have; it's the OTL log. I have no idea what other log I was supposed to get from OTL.

I am posting it on next reply because for some reason it is cutting it off short when it posts...

Edited by Tauni, 23 April 2011 - 05:54 PM.


#4 Tauni


Posted 23 April 2011 - 05:56 PM

OTL logfile created on: 4/23/2011 5:49:05 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Shawty\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 30.33 Gb Free Space | 22.15% Space Free | Partition Type: NTFS

Computer Name: SHAWTYS-PC | User Name: Shawty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
PRC - [2011/04/15 07:20:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/01 20:11:16 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/22 12:04:18 | 000,083,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe -- (CPMService)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/04/09 14:04:52 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/04/09 14:01:03 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/09 14:17:53 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/04/09 14:17:52 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/04/09 14:17:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/04/07 17:26:24 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/02 22:40:13 | 000,860,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/21 04:40:06 | 000,259,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cumon.sys -- (cumon)
DRV:64bit: - [2010/07/16 02:24:42 | 000,022,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evdd.sys -- (Evdd)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007/06/29 16:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273611090805l0344z195r48n23248
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273611090805l0344z195r48n23248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.jzip.com
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 07:13:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011/04/11 23:14:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/06/24 14:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/15 07:20:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/15 07:25:33 | 000,000,000 | ---D | M]

[2011/04/12 19:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Extensions
[2011/04/23 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions
[2011/04/15 18:57:36 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/12 19:19:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/12 19:20:31 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\personas@christopher.beard
[2011/04/23 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/06 12:07:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/24 14:10:42 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
[2009/12/01 20:11:15 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES (X86)\DAP\DAPFIREFOX
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - File not found
O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Flash Movie Extractor Scout LITE - {52E09520-459A-4C34-96C2-F07B35FCD921} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Flash Movie Extractor Scout LITE - {7FC02908-5227-4812-948F-D089FE5F25EB} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: fubar.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: perfectworld.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: yahoo.com ([m.www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.29 66.189.0.30
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bbe0529c-2b2c-11df-a28e-002622670f7b}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0529c-2b2c-11df-a28e-002622670f7b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk - C:\Windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: AVG9_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SelectRebates - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 16:48:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
[2011/04/15 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/04/14 11:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dialpad Communications
[2011/04/14 11:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DialpadChameleon
[2011/04/14 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dialpad Communications
[2011/04/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Mozilla
[2011/04/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\Mozilla
[2011/04/12 19:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/04/12 11:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2011/04/11 22:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/04/11 22:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/04/11 18:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/04/11 18:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/11 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/04/10 18:12:45 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\Threat Expert
[2011/04/10 16:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/04/10 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\PC Tools
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/10 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Computer Health Logs
[2011/04/10 15:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ParetoLogic
[2011/04/10 15:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DriverCure
[2011/04/10 15:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/10 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2011/04/10 10:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inet 2000spyware Removal Tool
[2011/04/10 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inet 2000spyware Removal Tool
[2011/04/10 10:22:08 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\AVG Security Toolbar
[2011/04/10 09:31:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/09 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/04/09 23:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/04/09 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/04/09 23:15:36 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Malwarebytes
[2011/04/09 23:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/09 23:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/09 14:17:52 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/04/09 14:09:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/09 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/04/09 12:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/04/09 12:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/04/09 12:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/04/08 20:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/08 19:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/08 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/08 11:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/08 11:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/07 17:26:24 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/04/03 14:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/04/02 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2011/04/02 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/04/02 23:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/04/02 23:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/04/02 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools Lite
[2011/04/02 22:40:13 | 000,860,656 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/04/02 22:39:31 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools
[2011/04/01 11:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Extractor Scout LITE
[2011/04/01 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Movie Extractor Scout LITE
[2011/03/29 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\My NEW Cover Letters and Resumes
[2011/03/29 13:45:39 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Bus Schedules
[2011/03/28 19:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZSoft
[2011/03/28 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2011/03/28 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2011/03/28 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ErrorExpert
[2011/03/28 13:28:23 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\fontviewer
[2011/03/28 13:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontViewer
[2011/03/28 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FontViewer
[2011/03/27 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Jasc
[2011/03/27 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Stuff To Go Thru
[2011/03/26 16:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011/03/26 16:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/03/26 16:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/03/26 14:27:44 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ICQ
[2011/03/26 14:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011/03/26 13:58:52 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\mIRC
[2011/03/25 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SwiftKit
[2011/03/25 19:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2011/03/25 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SwiftKit
[2011/03/25 19:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDYNE
[2011/03/25 13:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/03/25 13:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel FW
[2011/03/25 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\The Weather Channel
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/23 17:12:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
[2011/04/23 16:42:04 | 000,625,664 | ---- | M] () -- C:\Users\Shawty\Desktop\dds.scr
[2011/04/23 13:39:05 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2011/04/23 13:17:08 | 000,000,129 | ---- | M] () -- C:\Users\Shawty\jagex_runescape_preferences2.dat
[2011/04/23 12:12:12 | 000,000,034 | ---- | M] () -- C:\Users\Shawty\jagex_runescape_preferences.dat
[2011/04/23 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 08:48:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/23 08:48:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/23 08:46:59 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 22:06:50 | 304,884,943 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/22 08:35:06 | 000,016,662 | ---- | M] () -- C:\Users\Shawty\AppData\Roaming\wklnhst.dat
[2011/04/19 19:17:59 | 000,007,602 | ---- | M] () -- C:\Users\Shawty\AppData\Local\resmon.resmoncfg
[2011/04/19 17:07:36 | 000,471,040 | ---- | M] () -- C:\Users\Shawty\Desktop\hprprfr.wps
[2011/04/19 14:29:44 | 000,017,920 | ---- | M] () -- C:\Users\Shawty\Desktop\Online Resume - General Employment.wps
[2011/04/15 07:25:40 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 18:59:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/14 18:59:24 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/14 18:59:24 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/14 11:22:27 | 000,085,514 | ---- | M] () -- C:\Windows\DialpadChameleon Uninstaller.exe
[2011/04/14 11:22:26 | 000,001,065 | ---- | M] () -- C:\Users\Shawty\Desktop\DialpadChameleon.lnk
[2011/04/13 10:30:32 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/04/12 19:08:21 | 000,001,972 | ---- | M] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 19:08:21 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/12 11:46:35 | 000,001,483 | ---- | M] () -- C:\Users\Shawty\Desktop\HijackThis.exe - Shortcut.lnk
[2011/04/11 22:50:39 | 000,001,620 | ---- | M] () -- C:\Users\Shawty\Desktop\DivX Movies.lnk
[2011/04/10 16:16:01 | 000,012,322 | -HS- | M] () -- C:\Users\Shawty\AppData\Local\jbh27swk8608knbyp822
[2011/04/10 16:16:01 | 000,012,322 | -HS- | M] () -- C:\ProgramData\jbh27swk8608knbyp822
[2011/04/10 04:38:10 | 000,000,036 | ---- | M] () -- C:\Users\Shawty\AppData\Local\housecall.guid.cache
[2011/04/09 14:17:53 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2011/04/09 14:17:52 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2011/04/09 14:17:52 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/04/09 14:17:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2011/04/09 14:05:00 | 074,417,471 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/04/09 14:04:52 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2011/04/07 17:26:24 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/04/02 22:40:13 | 000,860,656 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/04/01 11:50:59 | 000,001,204 | ---- | M] () -- C:\Users\Shawty\Desktop\Flash Movie Extractor Scout LITE.lnk
[2011/03/29 18:13:59 | 000,001,137 | ---- | M] () -- C:\Users\Shawty\Desktop\Universal Gift Collector.lnk
[2011/03/29 12:10:36 | 008,722,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/28 19:05:41 | 000,001,158 | ---- | M] () -- C:\Users\Shawty\Desktop\ZSoft Uninstaller.lnk
[2011/03/26 17:14:05 | 000,000,206 | ---- | M] () -- C:\Users\Shawty\Desktop\ICQ Games.url
[2011/03/26 16:28:54 | 000,001,857 | ---- | M] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/26 16:28:54 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011/03/25 20:02:42 | 000,001,016 | ---- | M] () -- C:\Users\Shawty\Desktop\SwiftKit.lnk
[2011/03/25 13:27:17 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/03/25 05:53:19 | 000,001,443 | ---- | M] () -- C:\Users\Shawty\Desktop\uTorrent.exe - Shortcut.lnk
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/23 16:45:29 | 000,301,568 | ---- | C] () -- C:\Users\Shawty\Desktop\gmer.exe
[2011/04/23 16:41:51 | 000,625,664 | ---- | C] () -- C:\Users\Shawty\Desktop\dds.scr
[2011/04/19 17:07:35 | 000,471,040 | ---- | C] () -- C:\Users\Shawty\Desktop\hprprfr.wps
[2011/04/19 14:29:44 | 000,017,920 | ---- | C] () -- C:\Users\Shawty\Desktop\Online Resume - General Employment.wps
[2011/04/18 10:14:27 | 000,000,129 | ---- | C] () -- C:\Users\Shawty\jagex_runescape_preferences2.dat
[2011/04/18 10:13:06 | 000,000,034 | ---- | C] () -- C:\Users\Shawty\jagex_runescape_preferences.dat
[2011/04/15 07:25:40 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/15 07:25:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/14 11:11:39 | 000,085,514 | ---- | C] () -- C:\Windows\DialpadChameleon Uninstaller.exe
[2011/04/14 11:11:39 | 000,001,065 | ---- | C] () -- C:\Users\Shawty\Desktop\DialpadChameleon.lnk
[2011/04/12 19:08:21 | 000,001,972 | ---- | C] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 19:08:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/12 11:46:35 | 000,001,483 | ---- | C] () -- C:\Users\Shawty\Desktop\HijackThis.exe - Shortcut.lnk
[2011/04/11 22:50:39 | 000,001,620 | ---- | C] () -- C:\Users\Shawty\Desktop\DivX Movies.lnk
[2011/04/10 16:13:44 | 000,012,322 | -HS- | C] () -- C:\Users\Shawty\AppData\Local\jbh27swk8608knbyp822
[2011/04/10 16:13:44 | 000,012,322 | -HS- | C] () -- C:\ProgramData\jbh27swk8608knbyp822
[2011/04/10 04:38:10 | 000,000,036 | ---- | C] () -- C:\Users\Shawty\AppData\Local\housecall.guid.cache
[2011/04/07 17:23:41 | 304,884,943 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/01 11:50:59 | 000,001,204 | ---- | C] () -- C:\Users\Shawty\Desktop\Flash Movie Extractor Scout LITE.lnk
[2011/03/28 19:05:41 | 000,001,158 | ---- | C] () -- C:\Users\Shawty\Desktop\ZSoft Uninstaller.lnk
[2011/03/26 17:14:05 | 000,000,206 | ---- | C] () -- C:\Users\Shawty\Desktop\ICQ Games.url
[2011/03/26 16:28:54 | 000,001,857 | ---- | C] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/26 16:28:54 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011/03/25 19:46:43 | 000,001,016 | ---- | C] () -- C:\Users\Shawty\Desktop\SwiftKit.lnk
[2011/03/25 13:27:17 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/03/25 05:53:19 | 000,001,443 | ---- | C] () -- C:\Users\Shawty\Desktop\uTorrent.exe - Shortcut.lnk
[2011/03/17 15:01:56 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/11/19 00:30:13 | 000,144,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/26 20:25:45 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2010/08/04 16:53:56 | 000,016,662 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\wklnhst.dat
[2010/07/18 22:01:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/20 12:35:51 | 000,000,004 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\5FFE9A
[2010/05/20 12:35:50 | 000,870,128 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\mcs.rma
[2010/04/23 20:41:37 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/03/18 02:20:54 | 000,000,157 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\mainhst.zgh
[2010/02/18 06:26:19 | 000,005,120 | ---- | C] () -- C:\Users\Shawty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 20:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/05 00:27:31 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/29 00:43:48 | 000,007,602 | ---- | C] () -- C:\Users\Shawty\AppData\Local\resmon.resmoncfg
[2009/08/21 21:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/20 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\acccore
[2011/04/11 23:13:51 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\AVG9
[2011/03/17 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\BitLord
[2011/03/26 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\BitTorrent
[2010/03/08 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/02 22:39:31 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools
[2011/04/13 11:40:23 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools Lite
[2011/04/10 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DriverCure
[2011/03/28 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ErrorExpert
[2011/02/07 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GetRightToGo
[2010/04/01 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GoodSync
[2010/02/23 04:55:36 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GrabPro
[2011/02/06 03:46:44 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\gtk-2.0
[2011/03/28 10:58:57 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ICQ
[2011/03/27 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Jasc
[2010/02/25 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Orbit
[2011/04/10 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ParetoLogic
[2010/08/15 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\PlayFirst
[2011/02/06 03:42:29 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Python-Eggs
[2011/02/06 03:17:02 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Radical Software Ltd
[2009/11/29 08:15:26 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\SoundSpectrum
[2010/08/04 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Template
[2009/12/07 03:52:16 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\WildTangent
[2010/03/19 20:36:45 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ZipGenius
[2011/03/28 08:31:36 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/09/01 21:12:55 | 000,000,036 | ---- | M] () -- C:\alrt_204.data
[2009/08/21 22:40:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/12/28 07:44:56 | 629,145,600 | -H-- | M] () -- C:\fileimage.dat
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/04/23 08:46:59 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/12/27 04:12:14 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03

Edited by Tauni, 23 April 2011 - 06:02 PM.


#5 Tauni


Posted 23 April 2011 - 05:59 PM

I tried editing 3 times but report was cut off short... I am attaching complete log so you have ALL information... IDK why it won't allow rest to post...

Edited by Tauni, 23 April 2011 - 06:04 PM.


#6 Tauni


Posted 23 April 2011 - 06:06 PM

I am attaching the COMPLETE OTL log here because it keeps cutting it off short when I post it, no matter how many times I edit. I even broke reply into my comments and posted log separately... Hope you get this OK...


OTL logfile created on: 4/23/2011 5:49:05 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Shawty\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 30.33 Gb Free Space | 22.15% Space Free | Partition Type: NTFS

Computer Name: SHAWTYS-PC | User Name: Shawty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
PRC - [2011/04/15 07:20:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/01 20:11:16 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/22 12:04:18 | 000,083,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe -- (CPMService)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/04/09 14:04:52 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/04/09 14:01:03 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/02/28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/09 14:17:53 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/04/09 14:17:52 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/04/09 14:17:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/04/07 17:26:24 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/02 22:40:13 | 000,860,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/21 04:40:06 | 000,259,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cumon.sys -- (cumon)
DRV:64bit: - [2010/07/16 02:24:42 | 000,022,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evdd.sys -- (Evdd)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007/06/29 16:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273611090805l0344z195r48n23248
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273611090805l0344z195r48n23248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.jzip.com
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 07:13:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011/04/11 23:14:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/06/24 14:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/15 07:20:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/15 07:25:33 | 000,000,000 | ---D | M]

[2011/04/12 19:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Extensions
[2011/04/23 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions
[2011/04/15 18:57:36 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/12 19:19:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/12 19:20:31 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\extensions\personas@christopher.beard
[2011/04/23 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/06 12:07:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/24 14:10:42 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
[2009/12/01 20:11:15 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES (X86)\DAP\DAPFIREFOX
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - File not found
O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\Runescape\prxtbRun2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Flash Movie Extractor Scout LITE - {52E09520-459A-4C34-96C2-F07B35FCD921} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Flash Movie Extractor Scout LITE - {7FC02908-5227-4812-948F-D089FE5F25EB} - C:\Program Files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: fubar.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: perfectworld.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1188104682-2351754983-976304524-1001\..Trusted Domains: yahoo.com ([m.www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.29 66.189.0.30
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bbe0529c-2b2c-11df-a28e-002622670f7b}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0529c-2b2c-11df-a28e-002622670f7b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk - C:\Windows\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: AVG9_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SelectRebates - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 16:48:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
[2011/04/15 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/04/14 11:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dialpad Communications
[2011/04/14 11:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DialpadChameleon
[2011/04/14 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dialpad Communications
[2011/04/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Mozilla
[2011/04/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\Mozilla
[2011/04/12 19:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/04/12 11:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2011/04/11 22:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/04/11 22:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/04/11 18:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/04/11 18:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/11 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/04/10 18:12:45 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\Threat Expert
[2011/04/10 16:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/04/10 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\PC Tools
[2011/04/10 16:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/10 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Computer Health Logs
[2011/04/10 15:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ParetoLogic
[2011/04/10 15:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DriverCure
[2011/04/10 15:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/10 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2011/04/10 10:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inet 2000spyware Removal Tool
[2011/04/10 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inet 2000spyware Removal Tool
[2011/04/10 10:22:08 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\AVG Security Toolbar
[2011/04/10 09:31:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/09 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/04/09 23:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/04/09 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/04/09 23:15:36 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Malwarebytes
[2011/04/09 23:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/09 23:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/09 14:17:52 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/04/09 14:09:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/09 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/04/09 12:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/04/09 12:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/04/09 12:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/04/08 20:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/08 19:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/08 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/08 11:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/08 11:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/07 17:26:24 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/04/03 14:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/04/02 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2011/04/02 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/04/02 23:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/04/02 23:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/04/02 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools Lite
[2011/04/02 22:40:13 | 000,860,656 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/04/02 22:39:31 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools
[2011/04/01 11:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Extractor Scout LITE
[2011/04/01 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Movie Extractor Scout LITE
[2011/03/29 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\My NEW Cover Letters and Resumes
[2011/03/29 13:45:39 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Bus Schedules
[2011/03/28 19:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZSoft
[2011/03/28 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2011/03/28 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2011/03/28 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ErrorExpert
[2011/03/28 13:28:23 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\fontviewer
[2011/03/28 13:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontViewer
[2011/03/28 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FontViewer
[2011/03/27 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Jasc
[2011/03/27 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\Shawty\Documents\Stuff To Go Thru
[2011/03/26 16:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2011/03/26 16:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/03/26 16:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/03/26 14:27:44 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\ICQ
[2011/03/26 14:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011/03/26 13:58:52 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\mIRC
[2011/03/25 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SwiftKit
[2011/03/25 19:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2011/03/25 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SwiftKit
[2011/03/25 19:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDYNE
[2011/03/25 13:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/03/25 13:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel FW
[2011/03/25 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Shawty\AppData\Local\The Weather Channel
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/23 17:12:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 16:48:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shawty\Desktop\OTL.exe
[2011/04/23 16:42:04 | 000,625,664 | ---- | M] () -- C:\Users\Shawty\Desktop\dds.scr
[2011/04/23 13:39:05 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2011/04/23 13:17:08 | 000,000,129 | ---- | M] () -- C:\Users\Shawty\jagex_runescape_preferences2.dat
[2011/04/23 12:12:12 | 000,000,034 | ---- | M] () -- C:\Users\Shawty\jagex_runescape_preferences.dat
[2011/04/23 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 08:48:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/23 08:48:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/23 08:46:59 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 22:06:50 | 304,884,943 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/22 08:35:06 | 000,016,662 | ---- | M] () -- C:\Users\Shawty\AppData\Roaming\wklnhst.dat
[2011/04/19 19:17:59 | 000,007,602 | ---- | M] () -- C:\Users\Shawty\AppData\Local\resmon.resmoncfg
[2011/04/19 17:07:36 | 000,471,040 | ---- | M] () -- C:\Users\Shawty\Desktop\hprprfr.wps
[2011/04/19 14:29:44 | 000,017,920 | ---- | M] () -- C:\Users\Shawty\Desktop\Online Resume - General Employment.wps
[2011/04/15 07:25:40 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/14 18:59:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/14 18:59:24 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/14 18:59:24 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/14 11:22:27 | 000,085,514 | ---- | M] () -- C:\Windows\DialpadChameleon Uninstaller.exe
[2011/04/14 11:22:26 | 000,001,065 | ---- | M] () -- C:\Users\Shawty\Desktop\DialpadChameleon.lnk
[2011/04/13 10:30:32 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/04/12 19:08:21 | 000,001,972 | ---- | M] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 19:08:21 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/12 11:46:35 | 000,001,483 | ---- | M] () -- C:\Users\Shawty\Desktop\HijackThis.exe - Shortcut.lnk
[2011/04/11 22:50:39 | 000,001,620 | ---- | M] () -- C:\Users\Shawty\Desktop\DivX Movies.lnk
[2011/04/10 16:16:01 | 000,012,322 | -HS- | M] () -- C:\Users\Shawty\AppData\Local\jbh27swk8608knbyp822
[2011/04/10 16:16:01 | 000,012,322 | -HS- | M] () -- C:\ProgramData\jbh27swk8608knbyp822
[2011/04/10 04:38:10 | 000,000,036 | ---- | M] () -- C:\Users\Shawty\AppData\Local\housecall.guid.cache
[2011/04/09 14:17:53 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2011/04/09 14:17:52 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2011/04/09 14:17:52 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/04/09 14:17:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2011/04/09 14:05:00 | 074,417,471 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/04/09 14:04:52 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2011/04/07 17:26:24 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/04/02 22:40:13 | 000,860,656 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/04/01 11:50:59 | 000,001,204 | ---- | M] () -- C:\Users\Shawty\Desktop\Flash Movie Extractor Scout LITE.lnk
[2011/03/29 18:13:59 | 000,001,137 | ---- | M] () -- C:\Users\Shawty\Desktop\Universal Gift Collector.lnk
[2011/03/29 12:10:36 | 008,722,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/28 19:05:41 | 000,001,158 | ---- | M] () -- C:\Users\Shawty\Desktop\ZSoft Uninstaller.lnk
[2011/03/26 17:14:05 | 000,000,206 | ---- | M] () -- C:\Users\Shawty\Desktop\ICQ Games.url
[2011/03/26 16:28:54 | 000,001,857 | ---- | M] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/26 16:28:54 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011/03/25 20:02:42 | 000,001,016 | ---- | M] () -- C:\Users\Shawty\Desktop\SwiftKit.lnk
[2011/03/25 13:27:17 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/03/25 05:53:19 | 000,001,443 | ---- | M] () -- C:\Users\Shawty\Desktop\uTorrent.exe - Shortcut.lnk
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/23 16:45:29 | 000,301,568 | ---- | C] () -- C:\Users\Shawty\Desktop\gmer.exe
[2011/04/23 16:41:51 | 000,625,664 | ---- | C] () -- C:\Users\Shawty\Desktop\dds.scr
[2011/04/19 17:07:35 | 000,471,040 | ---- | C] () -- C:\Users\Shawty\Desktop\hprprfr.wps
[2011/04/19 14:29:44 | 000,017,920 | ---- | C] () -- C:\Users\Shawty\Desktop\Online Resume - General Employment.wps
[2011/04/18 10:14:27 | 000,000,129 | ---- | C] () -- C:\Users\Shawty\jagex_runescape_preferences2.dat
[2011/04/18 10:13:06 | 000,000,034 | ---- | C] () -- C:\Users\Shawty\jagex_runescape_preferences.dat
[2011/04/15 07:25:40 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/15 07:25:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/14 11:11:39 | 000,085,514 | ---- | C] () -- C:\Windows\DialpadChameleon Uninstaller.exe
[2011/04/14 11:11:39 | 000,001,065 | ---- | C] () -- C:\Users\Shawty\Desktop\DialpadChameleon.lnk
[2011/04/12 19:08:21 | 000,001,972 | ---- | C] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 19:08:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/12 11:46:35 | 000,001,483 | ---- | C] () -- C:\Users\Shawty\Desktop\HijackThis.exe - Shortcut.lnk
[2011/04/11 22:50:39 | 000,001,620 | ---- | C] () -- C:\Users\Shawty\Desktop\DivX Movies.lnk
[2011/04/10 16:13:44 | 000,012,322 | -HS- | C] () -- C:\Users\Shawty\AppData\Local\jbh27swk8608knbyp822
[2011/04/10 16:13:44 | 000,012,322 | -HS- | C] () -- C:\ProgramData\jbh27swk8608knbyp822
[2011/04/10 04:38:10 | 000,000,036 | ---- | C] () -- C:\Users\Shawty\AppData\Local\housecall.guid.cache
[2011/04/07 17:23:41 | 304,884,943 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/01 11:50:59 | 000,001,204 | ---- | C] () -- C:\Users\Shawty\Desktop\Flash Movie Extractor Scout LITE.lnk
[2011/03/28 19:05:41 | 000,001,158 | ---- | C] () -- C:\Users\Shawty\Desktop\ZSoft Uninstaller.lnk
[2011/03/26 17:14:05 | 000,000,206 | ---- | C] () -- C:\Users\Shawty\Desktop\ICQ Games.url
[2011/03/26 16:28:54 | 000,001,857 | ---- | C] () -- C:\Users\Shawty\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/26 16:28:54 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011/03/25 19:46:43 | 000,001,016 | ---- | C] () -- C:\Users\Shawty\Desktop\SwiftKit.lnk
[2011/03/25 13:27:17 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/03/25 05:53:19 | 000,001,443 | ---- | C] () -- C:\Users\Shawty\Desktop\uTorrent.exe - Shortcut.lnk
[2011/03/17 15:01:56 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/11/19 00:30:13 | 000,144,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/26 20:25:45 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2010/08/04 16:53:56 | 000,016,662 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\wklnhst.dat
[2010/07/18 22:01:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/20 12:35:51 | 000,000,004 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\5FFE9A
[2010/05/20 12:35:50 | 000,870,128 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\mcs.rma
[2010/04/23 20:41:37 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/03/18 02:20:54 | 000,000,157 | ---- | C] () -- C:\Users\Shawty\AppData\Roaming\mainhst.zgh
[2010/02/18 06:26:19 | 000,005,120 | ---- | C] () -- C:\Users\Shawty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 20:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/05 00:27:31 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/29 00:43:48 | 000,007,602 | ---- | C] () -- C:\Users\Shawty\AppData\Local\resmon.resmoncfg
[2009/08/21 21:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/20 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\acccore
[2011/04/11 23:13:51 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\AVG9
[2011/03/17 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\BitLord
[2011/03/26 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\BitTorrent
[2010/03/08 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/02 22:39:31 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools
[2011/04/13 11:40:23 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DAEMON Tools Lite
[2011/04/10 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\DriverCure
[2011/03/28 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ErrorExpert
[2011/02/07 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GetRightToGo
[2010/04/01 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GoodSync
[2010/02/23 04:55:36 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\GrabPro
[2011/02/06 03:46:44 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\gtk-2.0
[2011/03/28 10:58:57 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ICQ
[2011/03/27 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Jasc
[2010/02/25 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Orbit
[2011/04/10 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ParetoLogic
[2010/08/15 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\PlayFirst
[2011/02/06 03:42:29 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Python-Eggs
[2011/02/06 03:17:02 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Radical Software Ltd
[2009/11/29 08:15:26 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\SoundSpectrum
[2010/08/04 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\Template
[2009/12/07 03:52:16 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\WildTangent
[2010/03/19 20:36:45 | 000,000,000 | ---D | M] -- C:\Users\Shawty\AppData\Roaming\ZipGenius
[2011/03/28 08:31:36 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/09/01 21:12:55 | 000,000,036 | ---- | M] () -- C:\alrt_204.data
[2009/08/21 22:40:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/12/28 07:44:56 | 629,145,600 | -H-- | M] () -- C:\fileimage.dat
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/04/23 08:46:59 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/12/27 04:12:14 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/02/16 15:37:55 | 000,000,700 | -H-- | M] () -- C:\IPH.PH
[2011/04/23 08:47:02 | 1874,907,136 | -HS- | M] () -- C:\pagefile.sys
[2009/08/21 21:50:54 | 000,002,051 | ---- | M] () -- C:\RHDSetup.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[3 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >

Attached Files

  • Attached File  OTL.Txt   114.5KB   1 downloads

Edited by etavares, 24 April 2011 - 10:12 AM.
Add OTL log


#7 etavares


Posted 24 April 2011 - 10:21 AM

Hello, Tauni.

Some viruses try to make it difficult to fix and do cut off logs like this. Thanks for attaching it instead.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case ). These programmes allow users to share files, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.


Conduit Toolbar Warning

I see you have a Conduit toolbar installed. This is often recognized as trackware and I recommend you remove it.

If you would like to remove it, please go to Add/Remove Programs and uninstall Runescape, Zynga Community.


Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2


In your reply, please also let me know if you are still being redirected, and if it is just one browser (Internet Explorer or Firefox), or both.



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
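
The Trusted Zone review described in the post above can also be done from PowerShell. This is an added example, not part of the original post: it assumes the standard Internet Explorer ZoneMap registry layout under HKCU and HKLM, and the function name Get-TrustedZoneSite is made up for this illustration.

```powershell
# Added example: list the sites assigned to Internet Explorer's Trusted sites zone.
# ZoneMap zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
$TrustedZone = 2

function Get-TrustedZoneSite {   # hypothetical helper name, not a built-in cmdlet
    param(
        # Per-user and per-machine site lists. Entries pushed by Group Policy and
        # IP ranges (ZoneMap\Ranges) are stored elsewhere and are not covered here.
        [string[]]$Root = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
        )
    )

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }

        Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_

            # Keys are nested as Domains\<domain>\<subdomain>, so reverse the
            # path segments to rebuild the host name (example.com\www -> www.example.com).
            $labels = @((($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]) -split '\\')
            [array]::Reverse($labels)
            $site = $labels -join '.'

            # Each value name is a protocol (http, https, *); its DWORD data is the zone.
            foreach ($name in $key.GetValueNames()) {
                if ($key.GetValueKind($name) -eq 'DWord' -and
                    $key.GetValue($name) -eq $TrustedZone) {
                    [pscustomobject]@{
                        Site     = $site
                        Protocol = $name
                        Key      = $key.Name
                    }
                }
            }
        }
    }
}

# Review the output, then remove unwanted entries through
# Tools > Internet Options > Security > Trusted sites > Sites.
Get-TrustedZoneSite | Sort-Object Site, Protocol | Format-Table -AutoSize
```

An empty result means no sites are listed in the Trusted sites zone for the current user or the machine.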
 


#8 etavares


Posted 27 April 2011 - 05:34 PM

Still with me?


 


#9 Tauni


Posted 27 April 2011 - 05:48 PM

Yes I am... I tried to run ComboFix but it keeps saying it didn't install correctly... Every time I try to re-install, it has an error that it didn't install correctly...

#10 etavares


Posted 27 April 2011 - 05:57 PM

What's the exact error you are getting? The virus may be blocking this, but we have other approaches we can use.


 


#11 Tauni


Posted 28 April 2011 - 09:49 AM

Well, the error apparently had to do with AVG... I uninstalled AVG and it ran fine... After running, it deleted a lot of files and folders associated with Auto Complete Pro... Afterwards I tried clicking links from Yahoo search and nothing is being redirected as of this moment... I will let you know if that changes... Here is the complete log file...

ComboFix 11-04-27.03 - Shawty 04/28/2011 10:10:29.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.940 [GMT -4:00]
Running from: c:\users\Shawty\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AcRemoteUpdate.exe
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\TaskScheduler.dll
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
C:\tmp.tmp
C:\tmp2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-25 00:09 . 2011-04-25 00:09 -------- d-----w- c:\program files (x86)\MediaJoin
2011-04-25 00:08 . 2011-04-25 00:08 -------- d-----w- c:\users\Shawty\AppData\Roaming\Seven Zip
2011-04-24 03:51 . 2011-04-24 03:51 -------- d-----w- C:\31d192d85fcbe2829a13
2011-04-24 03:45 . 2011-04-24 03:45 -------- d-----w- C:\b5946dc5614972eef7d0969b9b82
2011-04-24 03:42 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-24 02:36 . 2011-04-24 02:35 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\REN6400.tmp
2011-04-24 01:16 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\REN202D.tmp
2011-04-15 11:24 . 2011-04-24 03:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-04-14 15:11 . 2011-04-14 15:22 85514 ----a-w- c:\windows\DialpadChameleon Uninstaller.exe
2011-04-14 15:11 . 2011-04-14 15:42 -------- d-----w- c:\program files (x86)\DialpadChameleon
2011-04-12 23:03 . 2011-04-12 22:30 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\nstBF53.tmp\xpcom.dll
2011-04-12 02:50 . 2011-04-12 02:50 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-04-11 22:36 . 2011-04-11 22:36 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-04-11 22:36 . 2011-04-11 22:36 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-11 22:20 . 2011-04-11 22:20 -------- d-----w- C:\kleaner.tmp
2011-04-11 21:50 . 2011-04-12 03:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-10 22:12 . 2011-04-10 22:12 -------- d-----w- c:\users\Shawty\AppData\Local\Threat Expert
2011-04-10 20:44 . 2011-04-10 20:48 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-04-10 20:44 . 2011-04-11 03:56 -------- d-----w- c:\program files (x86)\Spyware Doctor
2011-04-10 20:44 . 2011-04-10 20:44 -------- d-----w- c:\users\Shawty\AppData\Roaming\PC Tools
2011-04-10 20:44 . 2011-04-10 20:44 -------- d-----w- c:\programdata\PC Tools
2011-04-10 19:55 . 2011-04-10 19:55 -------- d-----w- c:\users\Shawty\AppData\Roaming\ParetoLogic
2011-04-10 19:55 . 2011-04-10 19:55 -------- d-----w- c:\users\Shawty\AppData\Roaming\DriverCure
2011-04-10 19:53 . 2011-04-10 20:46 -------- d-----w- c:\programdata\ParetoLogic
2011-04-10 19:53 . 2011-04-10 19:53 -------- d-----w- c:\program files (x86)\ParetoLogic
2011-04-10 14:43 . 2011-04-11 03:56 -------- d-----w- c:\program files (x86)\Inet 2000spyware Removal Tool
2011-04-10 14:22 . 2011-04-10 14:22 -------- d-----w- c:\users\Shawty\AppData\Local\AVG Security Toolbar
2011-04-10 13:31 . 2011-04-10 21:15 -------- d--h--w- c:\programdata\Common Files
2011-04-10 03:17 . 2011-04-12 03:14 -------- d-----w- c:\program files (x86)\STOPzilla!
2011-04-10 03:17 . 2011-04-12 03:04 -------- d-----w- c:\programdata\STOPzilla!
2011-04-10 03:17 . 2011-04-12 03:03 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-04-10 03:15 . 2011-04-10 03:15 -------- d-----w- c:\users\Shawty\AppData\Roaming\Malwarebytes
2011-04-10 03:15 . 2011-04-12 03:04 -------- d-----w- c:\programdata\Malwarebytes
2011-04-10 03:15 . 2011-04-12 03:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-09 18:09 . 2011-04-28 13:56 -------- d-----w- C:\$AVG
2011-04-09 16:47 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-04-09 16:47 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2011-04-09 16:46 . 2011-04-09 16:46 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-04-09 16:46 . 2011-04-12 00:08 -------- d-----w- c:\program files (x86)\Winamp
2011-04-09 16:15 . 2011-04-12 03:13 -------- d-----w- c:\program files (x86)\Real
2011-04-09 00:04 . 2011-04-12 03:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-08 23:44 . 2011-04-09 13:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-08 23:44 . 2011-04-09 13:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-08 15:17 . 2011-04-12 03:13 -------- d-----w- c:\program files\DivX
2011-04-08 15:14 . 2011-04-12 03:13 -------- d-----w- c:\programdata\DivX
2011-04-07 21:26 . 2011-04-07 21:26 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-06 02:54 . 2011-04-06 02:54 -------- d-----w- c:\users\Public\Recorded TV
2011-04-03 18:27 . 2011-04-15 11:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-03 03:27 . 2011-04-08 01:21 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2011-04-03 03:26 . 2011-04-07 21:26 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-04-03 03:25 . 2011-04-03 03:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-04-03 03:25 . 2011-04-13 15:40 -------- d-----w- c:\users\Shawty\AppData\Roaming\DAEMON Tools Lite
2011-04-03 02:40 . 2011-04-03 02:40 860656 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-03 02:39 . 2011-04-03 02:39 -------- d-----w- c:\users\Shawty\AppData\Roaming\DAEMON Tools
2011-04-02 22:20 . 2011-04-02 23:02 -------- d-----w- c:\users\Public\For Kevin
2011-04-01 15:50 . 2011-04-01 15:50 -------- d-----w- c:\program files (x86)\Flash Movie Extractor Scout LITE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-19 18:01 . 2009-12-04 18:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-19 18:01 . 2009-12-04 18:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-19 18:00 . 2011-03-13 17:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-13 14:31 . 2009-12-19 03:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-13 14:31 . 2010-07-29 19:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-14 14:19 . 2011-03-14 14:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-4\Microsoft.MediaCenter.Sports.UI.dll
2011-03-13 17:07 . 2009-12-06 22:41 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-09 15:26 . 2009-12-04 18:46 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\Runescape\prxtbRun2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Runescape\prxtbRun2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\Runescape\prxtbRun2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R0 CFRMD;CFRMD; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100119.001\IDSvia64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca89da10e54308;Google Update Service (gupdate1ca89da10e54308);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [2010-07-22 83912]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [x]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-24 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files (x86)\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 20:41]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 05:28]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 05:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-08-06 828960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{52E09520-459A-4C34-96C2-F07B35FCD921} - c:\program files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{7FC02908-5227-4812-948F-D089FE5F25EB} - c:\program files (x86)\Flash Movie Extractor Scout LITE\flashextract.exe
FF - ProfilePath - c:\users\Shawty\AppData\Roaming\Mozilla\Firefox\Profiles\it6yrjuy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files (x86)\DAP\DAPFireFox
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AutocompletePro2_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash8g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash8g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash8g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash8g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash8g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-28 10:27:36
ComboFix-quarantined-files.txt 2011-04-28 14:27
.
Pre-Run: 19,549,048,832 bytes free
Post-Run: 19,230,961,664 bytes free
.
- - End Of File - - 425C309A5AF10D845F1AD5C5500CC3C4

#12 etavares


Posted 28 April 2011 - 05:00 PM

Hello, Tauni.

Sorry about that... If I had seen any reference to AVG in your logs, I would have warned you. There should have been a popup with ComboFix, but maybe this version didn't have it. There is no way to disable AVG properly to enable ComboFix to run, unfortunately. It's best to temporarily uninstall it, and install another A/V, or run ComboFix, then reinstall AVG.




Step 1

ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
C:\Users\Shawty\AppData\Local\jbh27swk8608knbyp822
C:\ProgramData\jbh27swk8608knbyp822
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2


Now, are you getting popups or the blue screen errors anymore? Or have those stopped as well?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 etavares

Posted 01 May 2011 - 01:12 PM

Still there?




#14 Tauni

Posted 01 May 2011 - 01:35 PM

Yes... I lost everything. I could not reboot; the system kept in a reboot cycle and would not even boot into safe mode... I tried everything to recover it but could not... Now I have done a factory restore, and my mission now is trying to retrieve all my lost music, images, videos, and documents from the FAT partition, if that is even possible... I am trying to find a way without paying 69 dollars for software to do it...

Edited by Tauni, 01 May 2011 - 01:36 PM.


#15 etavares

Posted 01 May 2011 - 02:01 PM

That's unfortunate. If you had told me that, we have other tools that could have recovered your data and stopped the reboot cycle.

The good news is that we can guarantee you are 100% clean of infection at this point, but factory restores typically restore the partition structure and file system as it was on day 1 when you purchased it. Recovery software might be able to get something out of it, but maybe not. It all depends on whether the information was written over as part of the restore or afterwards. The more you install, save or use your computer, the less likely you will be able to recover anything.

PC INSPECTOR is freeware that claims it can do this.
TestDisk may be able to help as well.

Unfortunately, I'm not familiar with either software, but I know they have been recommended by some of my colleagues.

I did have luck using DiskInternals a while back myself. It was very pricey, but it did the job well.

Hope that helps.

